Joint Security Commission
Washington, D.C. 20505

February 28, 1994


The Honorable William J. Perry
Secretary of Defense
Pentagon
Washington, D.C. 20301

The Honorable R. James Woolsey
Director of Central Intelligence
Washington, D.C. 20505

Dear Sirs:

1. Pursuant to your request, the Joint Security Commission was convened on June 11, 1993. The
Commission was guided by your direction to develop a new approach to security that would "assure
the adequacy of protection within the contours of a security system that is simplified, more uniform,
and more cost effective."

2. This report presents the recommendations of the Joint Security Commission to achieve these
objectives and to redefine security policies, practices and procedures. The report describes the threats
to our nation's security and lays out a vision the Commission believes will shift the course of security
philosophy. We also propose a new policy structure and a classification system designed to manage
risks better, and we outline methods of improving government and industry personnel security
policies. We offer recommendations on developing new strategies for achieving security within our
information systems, including protecting the integrity and availability of both classified and
unclassified information assets, and we call for a new approach to capture security costs. We provide
recommendations for linking traditional physical and technical countermeasures to threat. We believe
that implementation of these recommendations will result in a security system that will meet the
evolving threat while being fairer, more coherent, and more cost effective.

3. In reaching its conclusions and recommendations, the Commission drew upon the perspectives
of policymakers, Congress, the military, industry, and public interest groups. Although our
charter was limited to a review of the Intelligence and Defense Communities, we found that many of
the problems and solutions have government-wide implications. In those instances where we believe
that a government-wide solution is the best answer, we have offered recommendations to that effect.

4. This report represents months of work by the Commissioners, our staff, and a vast number of
citizens both in and out of government, who graciously gave us their time and comments. On behalf
of the Commission, I would like to thank all who contributed to this effort and to give special
recognition to our superb staff, headed so ably by Dan Ryan. Ultimately, of course, the Commissioners
bear full responsibility for the analysis and recommendations contained herein.

5. As you have directed, the Commission will remain in place until June 1, to assist in the
implementation of our recommendations. We look forward to working with you to achieve the objectives
you have laid before us.

Very respectfully,

Jeffrey H. Smith
Chairman

Attachment

Executive Summary


The world has changed dramatically during the last few years, with profound
implications for our society, our government, and the Defense and
Intelligence Communities. Our understanding of the range of issues that
impact national security is evolving. Economic and environmental issues are
of increasing concern and compete with traditional political and military
issues for resources and attention. Technologies, from those used to create
nuclear weapons to those that interconnect our computers, are proliferating.
The implications and impacts of these technologies must be assessed. There is
wide recognition that the security policies, practices, and procedures
developed during the Cold War must be changed. Even without the end of the Cold
War, it is clear that our security system has reached unacceptable levels of
inefficiency, inequity, and cost. This nation must develop a new security
system that can meet the emerging challenges we face in the last years of this
century and the first years of the next.

With these imperatives in mind, the Joint Security Commission has
focused its attention on the processes used to formulate and implement
security policies in the Department of Defense and the Intelligence Community. In
reviewing all aspects of security, the Commission has been guided by four
principles:

• Our security policies and services must realistically match the threats
we face. The processes we use to formulate policies and deliver services must
be sufficiently flexible to facilitate change as the threat evolves.

• Our security policies and practices must be more consistent and coherent,
thereby reducing inefficiencies and enabling us to allocate scarce
resources effectively.

• Our security standards and procedures must result in the fair and equitable
treatment of those upon whom we rely to guard the nation's security.

• Our security policies, practices, and procedures must provide the
needed security at a price the nation can afford.

The recommendations of the Commission, presented in detail in this
report, fall mainly into three categories:

(1) recommendations that will maintain and hopefully enhance security,
but at a lower cost by avoiding duplication and increasing efficiency;

(2) recommendations that will reduce current levels of security but in
accordance with risk management principles based on a changing threat; and

(3) recommendations that will create new processes to formulate and
oversee security policy governmentwide.

In a very few cases - most notably concerning personnel security and
information systems security - the Commission is recommending additional
security requirements that will increase costs. The Commission's
recommendations also include changes that are revenue neutral but will make the
security system both more rational and inherently more fair. Although the
Commission is recommending certain specific changes, the primary concern
of the Commission is to create new and flexible processes that will adjust
security policies, practices, and procedures to achieve our stated goals as the
political, economic, and military realities evolve.

In the past, most security decisions have been linked one way or another
to assumptions about threats. These assumptions frequently postulated an
all-knowing, highly competent enemy. Against this danger, we have striven to
avoid security risks by maximizing our defenses and minimizing our
vulnerabilities. Today's threats are more diffuse, multifaceted, and dynamic. We also
know that some vulnerabilities can never be eliminated fully nor would the
costs and benefits warrant trying. While the Commission recognizes that the
consequences of some security failures are exceptionally dire and require
exceptional protection measures, in most cases it is possible to balance the risk
of loss or damage of disclosure against the costs of countermeasures. We can
then select a mix that provides adequate protection without excessive cost in
dollars and without impeding the efficient flow of information to those who
require ready access to it. The Commission believes that the nation must
develop a security framework that will provide a rational, cost-effective,
flexible set of policies, practices, and procedures. This framework must use a risk
management approach that considers actual threats, inherent vulnerabilities,
and the availability and costs of countermeasures as the underlying basis for
making security decisions.

Risk management requires evaluating the resource impact of proposed
changes in security policies and standards. This is practically impossible with
today's accounting systems because they are not designed to collect security
cost data. The Commission believes that establishing a system to capture
security costs is crucial to effective streamlining and cost reduction. Therefore,
we have recommended the creation of a uniform cost-accounting methodology
and tracking system for security resources expended by the Department
of Defense, the Intelligence Community, and supporting industry.

The Commission believes two areas require particular attention. First,
personnel security lies at the very heart of our security system. No amount of
physical, information systems, or procedural security will be sufficient if we
cannot ensure the trustworthiness of those who must deal with sensitive and
classified information. Grave damage has been caused to the United States by
current or former employees and contractors of the government who decided
to become spies for our adversaries. Therefore, the Commission believes that
renewed efforts must be made to strengthen our personnel security system.
The Commission also recognizes the necessity for enhancing the training we
provide security officers, managers, and workers in the importance of security
and of their roles in protecting the nation's information assets.

The processes we use to clear personnel in the Defense and Intelligence
Communities vary widely from agency to agency. Different standards are
applied by different agencies; clearances are not readily transferable; and the
time to grant a clearance ranges from a few weeks in one agency to months in
others. Accordingly, we recommend common standards for adjudications and
a joint investigative service to standardize background investigations and
thus take advantage of economies of scale.

Second, information systems security requires increased attention.
Productivity is, in today's world, directly related to information systems and
their connectivity. The Defense and Intelligence Communities are increasingly
dependent on information systems in performing their complex missions on
behalf of the nation. Information systems technology is, however, evolving at
a faster rate than information systems security technology. Overcoming the
resulting gap will require careful threat assessments, well-thought-out
investment strategies, sufficient funding, and management attention if our
computers and networks are to protect the confidentiality, integrity, and availability
of our classified and unclassified information assets.

The Commission believes that a systems approach is necessary in making
decisions about the application of security countermeasures. By placing all
the responsibility for security on each of the security disciplines, we have
created requirements for multiple layers of security that add little value. This is
particularly apparent in physical security, where classified documents may be
stored in locked containers inside locked strong rooms within secure
buildings in fenced facilities patrolled by armed guards - overkill even at the
height of the Cold War, much less in today's security environment. A
risk-managed systems approach would tailor countermeasures to threat and
should result in significant savings that could be applied to improving
personnel and information systems security, or to maintaining or improving
other areas directly related to successful performance of defense and
intelligence missions.

Nowhere will the payoff from improving our security policies, practices,
and procedures be higher than in the industrial base supporting the Defense
and Intelligence Communities. Our current practices subject industry to a
bewildering array of requirements that are compliance-based, inconsistent,
and often contradictory. Security requirements imposed on industry far
exceed the requirements used by government agencies and organizations to
protect the same information. While some budgetary and proprietary
information must be withheld from some contractors in order to preserve
competition, the Commission has found little reason to treat industry differently from
government for security purposes. We must create a partnership between
government and industry to enhance security, leaving adversarial roles
behind. The Commission also believes that our security policies must not
unnecessarily discourage foreign investment in American companies nor
unduly burden our industrial base in competing for a larger share of the
world's markets.

Central to the Commission's recommendations is the immediate formation
of a single organization — a security executive committee chaired by the
Secretary of Defense (or his designee) and the Director of Central
Intelligence — responsible for the creation of security policies and overseeing the
coherent implementation of those policies across the Defense and Intelligence
Communities. This committee would not, of course, supplant the existing
statutory authorities of the Secretary of Defense and the Director of Central
Intelligence, including the latter's responsibility to protect sources and
methods. This committee would, however, replace numerous existing fora that
today independently develop security policies and procedures that are often
inconsistent and are sometimes contradictory. A single source for security
policies should result in reciprocity with consequential reductions in cost and
improvements in efficiency. Although it is outside the scope of our charter, the
Commission also believes that this committee should, in the very near future,
be expanded by the addition of representatives from other government
departments and agencies and given the responsibility to formulate
governmentwide security policies. The committee, which should report to the
National Security Council, should oversee the security system and have an
outside advisory panel of distinguished Americans to ensure that industry,
academia, and public interest groups have a voice in the formulation of
security policies.

To facilitate the formulation, implementation, and oversight of security
policies, practices, and procedures, the Commission proposes a radical new
classification system that greatly simplifies the current system and eliminates
the subjectivity inherent in it. The Commission worked closely with the Task
Force revising Executive Order 12356 on National Security Information in
analyzing possible changes and their impacts, and determined that a single
level of classification with two degrees of protection should be adopted. Most
classified information would be protected using a coherent set of personnel,
physical, information systems, and procedural security standards and would
be based on discretionary need-to-know as currently practiced for
Confidential and Secret materials. Highly sensitive information, such as that protected
at the Top Secret, Sensitive Compartmented Information, or Special Access
Program levels today, would be protected by using a more stringent set of
standards and would be based on centrally managed need-to-know
determinations. Application of this system will be founded on risk management
rather than complete avoidance of all risk and would concentrate on security
as a service to our communities in place of the compliance-based, punitive
approach in use today.

The Joint Security Commission is pleased to present its recommendations
for the creation of an improved process for the formulation, management, and
oversight of security policies, practices, and procedures. We believe that
implementation of this process and the coherent application of its results
should ensure that security countermeasures are chosen to match the
evolving threat and that inefficiencies and costs are minimized. The resulting
security system would treat people fairly and provide a balanced mix of security
needed to protect our information assets, facilities, personnel, and our
nation's interests.

Chapter 1.

Approaching the Next Century


The first duty of government is to provide security for its citizens. This
security takes many forms, including a strong military, a robust economy, and
mutually beneficial international relationships. In a democracy, the people's
security also depends on the health of the democracy itself. This, in turn,
depends on the protection of democracy's processes and the careful
maintenance of the balance between the right of the public to know and the
government's responsibility to provide for security.

As the twentieth century nears its end, events require that the United
States assess the basic assumptions and goals that guide the protection of
government information, facilities, and people. Our preoccupation with the
specter of nuclear annihilation has been reduced; the resources for national
security programs are declining sharply; and the information age has
irrevocably altered the way we do business. Concurrently, the continued
preeminent role of the United States in world political, military, and economic affairs
makes our government and industrial activities of major interest to foreign
powers. In this environment, the security practices and procedures that
developed from World War II until the 1990s require fundamental reexamination.

For some time, it has been recognized that the security system is
fragmented, complex, and costly. The Infrastructure Report of the Community
Management Review requested by then Director of Central Intelligence (DCI)
Robert Gates labeled current security policies and practices as the "greatest
deterrents to major savings in infrastructure," and recommended the creation
of a DCI security commission to design and implement a new security
system. The DCI's Task Force on Standards of Classification and Control Report,
commonly known as the "Gries Report," called for revision of the
classification and control system on the grounds that it was "unsuited to the
geopolitical and fiscal realities ... in the 1990s." The Gulf War reinforced the military's
need to analyze and move vast amounts of information to distant theaters of
operation. Industry has been concerned about the inconsistency and cost of
current security practices and procedures. Congress is convinced that change
is necessary.

The Secretary of Defense and the Director of Central Intelligence
acknowledged these concerns and established the Joint Security Commission
in May 1993. The Commission's task was to review security policies and
procedures with three simple goals: (1) find what works and keep it; (2)
determine what no longer works and fix it; and (3) identify what the future
demands and implement it.

In the nine months since its creation, the Joint Security Commission has
attempted to fulfill this task by conducting an extensive security review
within the Department of Defense and the Intelligence Community. In doing
so, the Commission sought not only the perspectives of policymakers, the
Congress, industrial leaders, the military, and public interest groups but also
the technical expertise of government and industry security personnel. Many
will recognize their words and opinions in the text of this report and we
acknowledge a debt of gratitude for their contributions. We also commend the
many initiatives already underway - such as those instituted by the National
Industrial Security Program and the DCI's Security Forum - to streamline and
modernize the government's security policies and practices and to
incorporate risk management strategies.

The Commission's considered opinion, however, is that these changes
alone are not enough. The security system must not only overcome the
inefficiencies of the past but also rise to the challenges of the future. It must be
dynamic, flexible, and forward looking.

Nowhere is this more apparent than in the area of information systems
and networks. The Commission considers the security of information systems
and networks to be the major security challenge of this decade and possibly
the next century and believes that there is insufficient awareness of the grave
risks we face in this arena. The nation's increased dependence upon the
reliable performance of the massive information systems and networks that
control the basic functions of our infrastructure carries with it an increased
security risk. Never has information been more accessible or more vulnerable.
This vulnerability applies not only to government information but also to the
information held by private citizens and institutions. We have neither come to
grips with the enormity of the problem nor devoted the resources necessary to
understand fully, much less rise to, the challenge. Fundamental and very
tough questions are involved: What should the government's role be in
helping to protect information assets and intellectual capital that are in private
hands? How should technology developed by the government to protect
classified information be provided to the private sector for the protection of
sensitive but unclassified information? Protecting the confidentiality, integrity, and
availability of the nation's information systems and information assets — both
public and private — must be among our highest national priorities.

The Commission believes that there are fundamental weaknesses in the
security structure and culture that must be fixed. Security policy formulation
is fragmented. Multiple groups with differing interests and authorities work
independently of one another and with insufficient horizontal integration.
Efforts are duplicated and coordination is arduous and slow. Each department
or agency produces its own implementation rules that can introduce subtle
changes or additions to the overall policy. There is no effective mechanism to
ensure commonality.

The Commission believes that the complexity and cost of current security
practices and procedures are symptoms of the underlying fragmentation and
cannot be alleviated without addressing it. We, therefore, propose that a
security executive committee be created to assume responsibility for the
development and oversight of security policy for the US Government and to function
as a continuing agent of change. We further propose that a security advisory
board be constituted to interject a nongovernment and public interest
perspective into government security policy. These proposals are described in
detail in chapter 11.

Some other problems that we identify and discuss in this report are:

• Countermeasures are frequently out of balance with the threat. They
have too often been based on worst-case scenarios rather than realistic
assessments of threats and vulnerabilities.

• The classification system is cumbersome and classifies too much for too
long. The zeal to protect information has sometimes inhibited the flow of
information to those who need it.

• Personnel security is the centerpiece of the Federal security system, but
current procedures are needlessly complex and costly. There are too many
inconsistencies, too many forms, and too much delay.

• There are too many layers of physical security and they cost too much
money. A facility's security may include multiple layers - fences, alarms,
guards, security containers, access control devices, closed circuit television,
locks, and special construction requirements - that are not necessarily
needed.

• Large sums have been spent on technical security within the United
States despite a minimal level of threat.

• Procedural security measures are not always effective. Elaborate
recordkeeping procedures for document control are costly and can no longer
be relied upon to deter compromise in the age of personal computers,
facsimile machines, copier equipment, modems, and networks which offer ample
opportunities to copy documents without detection. Procedural security that
is still necessary, such as badges and visitor control, can be streamlined.

• Operations security (OPSEC) is important and sometimes critical in a
military environment and for sensitive operations, but it has been extended to
inappropriate situations and environments.

The problems are many and the mandate for change is strong, but change
must be guided by clear goals and principles. We envision security as a
dynamic and flexible system guided by four basic principles:

• Our security policies and services must be realistically matched to the
threats we face. The processes we use to formulate policies and deliver
services must be sufficiently flexible to facilitate their evolution as the threat
changes.

• Our security policies and practices must be consistent and coherent
across the Defense and Intelligence Communities, thereby reducing
inefficiencies and enabling us to allocate scarce resources efficiently.

• Our security standards and procedures must result in the fair and
equitable treatment of the members of our communities upon whom we rely to
guard the nation's security.

• Our security policies, practices, and procedures must provide the
security we need at a price we can afford.

The Commission believes that the application of these principles will
make the security system less fragmented, less complex, and more cost
effective. We also believe that the progress made will be eroded over time without
a fundamental adjustment in the way security is viewed and practiced.
Security can no longer be seen as an independent, external authority that rigidly
imposes procedures and demands compliance. The Commission believes that
it is time for a paradigm shift.

• Security is a service that should be based on an integrated assessment
of threat, vulnerability and customer needs. Conceptually, it should be the
way that we think rather than a manual of rules. Security then becomes a
more positive undertaking that values the spirit over the letter of the law,
problem prevention over problem resolution, and individual responsibility
over external oversight. It is a partnership between security and operations
that balances the need to protect with the need to get the job done. Industry is
a valuable partner and participant in this process.

• Security must come from an integrated system that recognizes the
interdependence of the individual security disciplines and establishes a
logical nexus between the sensitivity of information and the personnel, physical,
information, and technical security countermeasures applied in protecting the
information. In this model, the individual security disciplines are interlocking
pieces of a puzzle, each critical to overall success but none sufficient by itself.

• Security is a shared responsibility. Each individual has a role to play in
ensuring the best possible protection for our information, personnel, and
assets. Individual and management accountability for security actions and
decisions are prerequisites for dynamic and responsive security processes.

• Security is a balance between opposing equities. The imperative to
protect cannot automatically be allowed to outweigh mission requirements or the
public's fundamental right-to-know and it must never obscure the
understanding that an informed public is the foundation of a democratic
government.


Implementing the New Paradigm - Risk Management

In the past, most security decisions have been linked one way or another
to assumptions about threats. These assumptions frequently postulated an
all-knowing, highly competent enemy. For the better part of the last half century,
we viewed the Soviet Union and its allies as capable of exploiting our every
weakness. Against this danger, we strove to avoid security risks by
maximizing our defenses and minimizing our vulnerabilities. Since the future of the
free world was considered highly dependent on how successfully we
maintained our secrets, the costs of security programs, the constraints on needed
information flow, and the negative impact on individuals and our economic
competitiveness were all secondary considerations. We used worst case
scenarios as the basis for most of our security planning.

The threats today are more diffuse, multifaceted, and dynamic. National
security concerns now include a daunting array of challenges that continue to
grow in diversity in our unstable and unpredictable world. The possibility of
failure of democratic reform in Russia poses a constant danger. Further,
Russia's ability to maintain control of its special weapons, China's supplying
of equipment and technology to unstable countries, and North Korea's, Iran's
and Iraq's attempts to develop nuclear weapons, have serious and far-reaching
implications for regional security and stability. Burgeoning ethnic and
religious rivalries that cross traditional boundaries endanger both new and
long-standing peace agreements, drawing the United States into an expanding
role in peacekeeping and humanitarian missions. The bombing of the
World Trade Center and the assassination of two CIA employees in Virginia
heightened our sensitivity to the fact that terrorist activities against
Americans can occur domestically as well as abroad. Violent crime and narcotics
trafficking in our neighborhoods also continue to threaten American lives and
values.

The Commission recognizes that the consequences of failures to protect
against some of these threats are exceptionally dire. For instance, terrorists'
use of weapons of mass destruction, or an adversary's foreknowledge of our
battle plans, could have consequences so grave as to demand the highest
reasonably attainable standard of security. This is true even if the
probability of a successful attack is small and the cost of protection is high.
Some inherent vulnerabilities can never be eliminated fully, nor would the cost
and benefit warrant this risk avoidance approach. In most cases, however, it is
possible to balance the risk of loss or damage of disclosure against the costs
of countermeasures and select a mix that provides adequate protection without
excessive cost in dollars or in the efficient flow of information to those who
require ready access to it. We can and must provide a rational, cost-effective,
and enduring framework using risk management as the underlying basis for
security decisionmaking.

The Commission views the risk management process as a five-step procedure:

1. Asset valuation and judgment about consequence of loss. We determine
what is to be protected and appraise its value. Part of asset valuation is
understanding that assets may have a value to an adversary that is different
from their value to us.

2. Identification and characterization of the threats to specific assets.
Intelligence assessments must address threats to the asset in as much detail as
possible, based on the needs of the customer. These assessments may be
commissioned at the national level to feed the development of security
policies and standards, at the program level to guide systems design, or in
planning intelligence support for military or other operations.

3. Identification and characterization of the vulnerability of specific assets.
Vulnerability assessments help us identify weaknesses in the asset that could
be exploited. The manager may then be able to make design or operational
changes to reduce risk levels by altering the nature of the asset itself. Cost
is an important factor in these decisions, as design changes can be expensive
and can impact other mission areas.

4. Identification of countermeasures, costs, and tradeoffs. There may be a
number of different countermeasures available to protect an asset, each with
varying costs and effectiveness. In many cases, there is a point beyond which
adding countermeasures will raise costs without appreciably enhancing the
protection afforded.

5. Risk assessment. Asset valuation, threat analysis, and vulnerability
assessments are considered, along with the acceptable level of risk and any
uncertainties, to decide how great is the risk and what countermeasures to
apply.


This process is depicted in the following figure:

Figure 1. The Risk Management Process


When any of these steps are left out, the result can either be inadequate
protection or unnecessary and overly expensive protection. Frequently, the
missing element is the incorporation of specific, up-to-date threat assessments
in the development of security policies. With no documented threat
information, countermeasures are often based on worst case scenarios.

The Commission stresses that managers must make tradeoffs during the
decision phase between cost and risk, balancing the cost in dollars, manpower,
and decreased flow of needed information against possible asset compromise
or loss. Policy decisions resulting from the risk management process
can then guide security planning. At the national level, these risk
management decisions should form the backbone of, and provide the standards for,
the security system. The resulting standards would promote consistency,
coherence, and reciprocity across programs and agencies.


Classification-Driving  Security 

The classification system is designed primarily to protect the confidentiality
of certain military, foreign policy, and intelligence information. It deals
with only a small slice of the government information that requires protection
although it drives the government's security apparatus and most of its costs.

Despite the best of intentions, the classification system, largely
unchanged since the Eisenhower administration, has grown out of control.
More information is being classified and for extended periods of time.
Security rules proliferate, becoming more complex yet remaining unrelated to
the threat. Security costs increase as inconsistent requirements are imposed by
different agencies or by different program managers within the same agency.

This  accretion  of  security  rules  and  requirements  to  protect  classified 
information  does  not  make  the  system  work  better.  Indeed,  the  classification 
system  is  not  trusted  on  the  inside  any  more  than  it  is  trusted  on  the  outside. 
Insiders  do  not  trust  it  to  protect  information  that  needs  protection.  Outsiders 
do  not  trust  it  to  release  information  that  does  not  need  protection. 

This Cold War classification system can be simplified. In place of more
than 12 levels of protection and widely differing and inconsistent security
policies and practices, the Commission recommends a single, rational,
governmentwide standard for the protection of classified information.


The Current Classification System — Cumbersome and Confusing

The classification system is more complex than necessary. Classification is
inherently subjective and the current system inappropriately links levels of
classification with levels of protection.

The current classification system starts with three levels of classification
(Confidential, Secret, and Top Secret), often referred to collectively as
collateral. Layered on top of these three levels are at least nine additional
protection categories. These include Department of Defense Special Access
Programs (DoD SAPs), Department of Energy Special Access Programs, Director of
Central Intelligence Sensitive Compartmented Information Programs (DCI SCI),
and other material controlled by special access or "bigot" lists such as the
war plans of the Joint Chiefs of Staff and the operational files and source
information of the CIA Operations Directorate. Further complicating the
system are restrictive markings and dissemination controls such as ORCON
(dissemination and extraction of information controlled by originator), NOFORN
(not releasable to foreign nationals), and "Eyes Only."


Classification    Levels of Protection

TOP SECRET        TS - BIGOT LIST    TS - SCI    TS - DoD SAP
SECRET            S - BIGOT LIST     S - SCI     S - DoD SAP
CONFIDENTIAL      C - BIGOT LIST     C - SCI     C - DoD SAP
UNCLASSIFIED

Figure 2. The Current Classification System


Currently, proper classification depends on assessing the expected damage
to national security caused by unauthorized disclosure of the information.
Information is classified as Confidential if damage is expected to occur. Secret
is used if serious damage will result. Information is Top Secret only if
exceptionally grave damage will occur. However, because it is difficult to
precisely define levels of damage, reasonable persons can and do differ in their
evaluation. Yet, it is not even clear why the effort to assess damage should be
made since the protection required is not dependent on the level of damage. For
example, greater protection is provided for Secret information in SCI
channels, disclosure of which would cause "serious damage" to national security,
than for Top Secret information that is not within a special access program,
disclosure of which would cause "exceptionally grave damage." Moreover,
from a Freedom of Information or an Espionage Act standpoint, the
significant issue is whether the information is classified, not the level at
which it is classified.

We conclude that there is no need for levels of classification. Information
is not more classified or less classified. It either is classified or it is not.
Indeed, thinking about information as more or less classified has led to
statements that information is "only Confidential" or "only Secret." This
thinking also has led to efforts to link classification levels with the length
of time protection is required. Yet we know that some Top Secret information,
such as an invasion date, may need to be protected for days, while some Secret
information, like the identity of a confidential source, may need to be
protected for decades.

Special  Access  Programs-Lacking  Faith  in  the  System 




Special access programs are used to compensate for the fact that the
classification system is not trusted to protect information effectively and
does not adequately enforce the "need to know" principle. For example, the Top
Secret classification is supposed to protect information that, if improperly
disclosed, would result in exceptionally grave damage to the national security.
Yet, the perception is that the "regular" classification system cannot protect
such information because it has no provision for limiting which cleared persons
have access to the information.

In the 1980s, as confidence in the traditional classification system
declined, more and more information was put into SAP and SCI compartments
based on assertions that the regular classification system provided
inadequate need-to-know restrictions. The special access system gave the
program manager the ability to decide who had a need-to-know and thus to
strictly control access to the information. But elaborate, costly, and largely
separate structures emerged. According to some, the system has grown out of
control with each SAP program manager able to set independent security
rules.

The Department of Defense divides these programs into three categories:
acquisition, intelligence, and operations and support. Programs in these
categories are further defined as either acknowledged or unacknowledged. Some
of the most sensitive DoD programs are "waived" or "carved out" from
certain oversight and administrative requirements. There are over one hundred
DoD SAPs, with many having numerous compartments and subcompartments,
designed to further segregate and limit access to information. Each
special access program manager is free to establish the security rules that will
apply to his or her particular program.

Within the Intelligence Community, the term Sensitive Compartmented
Information (SCI) refers to data about sophisticated technical collection
systems, information collected by those systems, and information concerning or
derived from particularly sensitive methods or analytical processes. Specific
SCI control systems serve as umbrellas for protecting a type of collection
effort or a type of information. Within each SCI system are compartments and
within them, subcompartments, all designed to formally segregate data and
restrict access to it to those with a need-to-know, as determined by a central
authority for each system. There are over 300 SCI compartments (recently
reduced from over 800) grouped into a dozen or so control channels. Special
activities have their own non-SCI control channels. Rules relating to SCI
programs are found in DCI Directives (DCIDs), but implementation is uneven
and minimum standards are often exceeded.

In addition to the formal SAP, SCI, and covert action control channels,
strict need-to-know access restrictions also are imposed for other types of
information within the DoD and the Intelligence Community. These include
information identifying intelligence sources and liaison relationships, as well
as information about military plans, such as the Single Integrated Operations
Plan (SIOP) for strategic nuclear war or the battle plan for the invasion of Iraq
during the Gulf War. Access to such information is generally controlled by
access or bigot lists.

The Commission agrees that some types of classified information, such as
identities of intelligence sources, information about sensitive intelligence
methods, plans for operations, and technological advances that provide our
military forces unique advantages on the battlefield, may require more
protection than others. However, we do not agree that each SAP manager needs to
establish a unique set of security rules, or that SAP security rules and SCI
security rules need to be different. Current practice has begun to recognize
this fact and to coalesce around two standards: one for Confidential and
Secret, the other for Top Secret and SAPs/SCI. In personnel security, for
example, agencies do not have separate clearance standards for Confidential and
Secret. And a single clearance standard for Top Secret and SCI is evolving
with DoD SAPs beginning to follow this standard, even though program
managers today have the authority to impose their own standards and many
do so.


A  New  System-Streamlined  and  Straightforward 


The opportunity to change the classification system comes at an important
point in our history. In this post-Cold War period, we can move away
from a strategy that has been characterized as something close to total risk
avoidance and develop instead an approach more clearly based on risk
management. We continue to recognize that there is information that needs the
protection of the classification system and that there are costs associated with
the unauthorized disclosure of information vital to the national security. But
we also recognize that in a democracy the public needs access to information
about what its government is doing and that there are significant costs
associated with keeping information classified and tightly controlled. In sum,
it is important to consider the political, economic, and opportunity costs of
classifying information, as well as the costs of failing to classify
information.

The Commission finds that the costly and complicated bureaucracy that
provides security is a reflection of the underlying complexity of the
classification management system. The Commission believes that a less
complicated system can help correct the current approach that has led to
classifying too much at too high a level and for too long. We propose a new
one-level classification system. Under this system, information either is
classified or it is not. There would be a single legal definition of classified
information and no need to pretend that we can precisely measure the amount of
damage to national security that would be caused by an unauthorized disclosure.

Two degrees of protection will be available, instead of the dozen or so
now used. Information either will be generally protected (labeled SECRET) or
specially protected (labeled SECRET COMPARTMENTED ACCESS). Each
protection level would be defined both in terms of the type of information to
be included and the type of protection. The protections available for each
level will be standardized. Most special handling and dissemination markings
will be unnecessary and special access controls will be integral to, rather
than added onto, the classification system. In addition, only certain clearly
defined categories of information will qualify for special protection and only
in certain clearly defined circumstances.
Classification    Levels of Protection

Classified        SECRET
                  SECRET CONTROLLED ACCESS
Unclassified

Figure 3. The Proposed Classification System


The vast majority of classified information would be generally protected
to promote the availability and accessibility of the information. Baseline
security protection standards will be established and discretionary need-to-know
would apply; a cleared individual could determine whether to pass the
information to another cleared individual. Generally protected information would
incorporate current Confidential and Secret documents, which will not have
to be remarked.

The Commission recognizes that most departments and agencies have,
and will want to continue, procedures that govern the manner in which Secret
information is disseminated within their organizations. Some may also wish
to maintain limited control on their information that is passed to other
agencies, such as a requirement that the recipient agency not pass the
information on to a third agency without obtaining permission from the
originating agency. Finally, there may be unique problems that arise in
implementing this new approach that require an exemption from general rules,
such as the manner in which CINCs communicate with Navy vessels. The Commission
recognizes the need for flexibility, but does not want to lose the advantages
of the new system through creating loopholes by, for example, permitting heads
of departments and agencies to create "mini SAPs" by imposing dissemination
controls. Therefore, the Commission recommends that heads of departments
or agencies be permitted to establish dissemination controls on Secret
information only upon approval of the security executive committee proposed in
chapter 11.

Chapter 2. Classification Management

As a result of risk analysis, a limited amount of information would be
specially protected as Secret Compartmented Access information. Enhanced
security protection standards would apply, requiring a higher clearance
standard for access and a centralized need-to-know control structure provided
by an access or bigot list. Compartmented access information would incorporate
most current Top Secret, Special Access, and Sensitive Compartmented
Information.

The Commission finds that classification management is the "operating
system" of the security world. Classification drives the way much of security
policies are implemented and security practices are carried out. Standards,
organizations, procedures, and policies governing everything from the levels
of security clearance, to procedures for processing information, to sentencing
guidelines for individuals convicted of espionage are based on our existing
classification structure. The complexity of the existing classification system is
the root cause for much of the confusion of the existing security system.
Simplify the classification system and simplification of the security system
will follow.

The Commission notes that the existing classification management system
is evolving naturally into a two-level system. Confidential and Secret
information is handled using similar or identical standards. Top Secret, SCI,
and SAP information is protected using more stringent and substantially
common standards. The Commission believes that this naturally occurring
division forms an excellent basis for an improved classification system.

The proposed system will better relate needed asset protection to security
countermeasures. In place of the myriad investigative and adjudicative
requirements and the differing physical security standards, two security
standards, based on analysis of risk, would be developed to guide application
of the two degrees of protection for these security disciplines. Procedures for
securing classified information would likewise have only two standards.
Similar simplifications would follow throughout the rest of the security system.


The Commission recommends the establishment of a one-level
classification system with two degrees of protection.

A Simplified Controlled Access System

The Commission concludes that the current special access system needs
to be simplified. Enhanced security protection can be achieved with less
compartmentation and fewer barriers to the flow of information. Instead of the
current complicated system with the multiple control officers and multiple
control channels, information requiring special protection would be marked
SECRET COMPARTMENTED ACCESS and would carry a designator, such as
a codeword or number, identifying the relevant access list. A single specially
protected information control officer and channel would replace the panoply
of structures and systems for protecting SCI, SAPs, or bigot list controlled
access information.

Thus,  instead  of  the  structure  shown  below  in  figure  4: 


Figure 4. Current Special Access Programs Structure (control systems,
programs, digraphs/trigraphs)

We  propose  the  following  structure: 


Figure 5. Proposed Special Access Programs Structure (compartmented access
system, compartments)

The Commission recommends that:

a) All special access, SCI, covert action control systems, war plans
and bigot list activities be integrated into the new classification system.

b) A single control channel for SECRET COMPARTMENTED
ACCESS information, with a codeword for each need-to-know list,
replace all existing special control channels.




Limiting Use of Special Access Controls

The Commission concludes that simplifying the system will aid in identifying
and better protecting information that really needs enhanced security
protection. Viewing information as part of a special access program often
meant that everything in the program had to be compartmented. Analyzing
the impact of the loss of specific information focuses attention on what needs
special protection and what does not, and would result in less information
being placed at the compartmented access level.

Steps will be taken to limit the amount of information that is specially
protected and to prevent the migration of information from the generally
protected level to the specially protected level. A first step is to identify
clearly in an executive order those limited categories of information
qualifying for special protection.

The Commission suggests the following categories of information be
considered for special protection:

• A technology application that provides a significant battlefield edge
and that could be copied or countered if key information were disclosed to a
potential adversary.

• A sensitive military operation or plans for the operation in
circumstances in which disclosure might impair its current or future success.

• A fragile intelligence method when the opposition is not aware of
either the fact, or special capabilities of the method and, were they to become
aware of it, could employ countermeasures to deny us information or use
deception to feed the US incorrect information.

• A human source in circumstances in which the US would lose its
ability to use the source and/or the source or the source's family is likely to
be harmed.

• A sensitive intelligence, counterintelligence, or special activity in
circumstances in which disclosure would impair its success.

• Information that would impair US cryptologic systems or activities.

• Sensitive policy issues or relationships with a foreign government
which, if revealed, would significantly harm foreign government cooperation
with the US.

• A US negotiating position in circumstances in which such disclosure
would cause us to lose a negotiating advantage.

• Scientific and technical information that describes the design of
weapons of mass destruction that could significantly assist others to develop
or to improve such weapons, or to significantly enhance their ability to
circumvent the control features of such weapons.


The Commission recommends that compartmented access be considered
for the categories of information detailed above and any
other categories of equally sensitive information, and that all current
and future Special Access Programs, war plans requiring limited
access controls, Sensitive Compartmented Information, covert
action control systems, and bigot lists be reviewed and validated
against that list.


Perhaps the greatest weakness in the entire system is that critical specially
protected information within the various DoD and SCI compartments is not
clearly identified. Individuals within government and industry are forced to
protect everything within a particular compartment, rather than just the small
amount of information that truly needs compartmented access status and
need-to-know controls.

One general officer likened the situation to trying to protect every blade of
grass on a baseball field. He had to have a hundred players to guard the
entire field, when only four persons to protect home plate would suffice.

The Commission believes a rigorous review is needed to identify and
separate the information that will continue to require special protection from
that which does not. Such a review will allow many compartmented access
compartments to be eliminated and will permit the consolidation of critical
data within fewer remaining compartments.




The Commission recommends that the Secretary of Defense and the
Director of Central Intelligence direct that managers for each
compartmented access system undertake a review to identify information
within all compartments and subcompartments that requires
continued special protection. This information should be consolidated
in the fewest compartments possible.


Uniform  Risk  Criteria  for  Secret 
Compartmented  Access  Information 

The  Commission  believes  that  decisions  to  require  special  protection  for 
sensitive  information  and  activities  should  be  consistently  made  based  on 
common  risk  management  principles. 

The  Commission  found  that  uniform  risk  assessment  criteria  do  not  exist 
for  establishing,  designating,  managing,  and  disestablishing  SAP  and  SCI 
compartments.  Each  component  develops  its  own  procedures  for  assessing 
the  risks  dictating  compartmented  access  protection,  often  with  little  external 
guidance  or  oversight.  Some  elements  place  unclassified  technologies  and 
independent  research  and  development  efforts  directly  under  special  protec¬ 
tion  as  soon  as  a  promising  military  application  is  discovered.  Others  do  not, 
and  thus  disparities  exist  among  agencies  in  the  way  the  same  basic  technol¬ 
ogy  or  application  is  classified,  designated,  and  protected. 

The  decision  to  designate  a  DoD  SAP  as  unacknowledged  radically 
increases  its  cost  and  severely  inhibits  oversight,  coordination,  and  integra¬ 
tion  with  other  similar  programs.  Critics  advised  the  Commission  that  state  of 
the  art  advances  and  efficiency  gains  may  be  sacrificed  or  significantly  hindered
once  a  technology-based  program  is  brought  under  special  controls.  If
an  acquisition  SAP  is  unacknowledged,  others  working  in  the  same  technol¬ 
ogy  area  may  be  unaware  that  another  agency  is  developing  a  program.  The 
government  may  pay  several  times  over  for  the  same  technology  or  applica¬ 
tion  developed  under  different  special  programs  within  different  agencies. 

Two  military  services  and  the  DoE  have  programs  involving  the  same  technological
application.  One  military  service  classified  its  program  as  Top
Secret  Special  Access  with  a  deadly  force  protection  requirement.  The  other
military  service  classified  its  program  as  Secret  Special  Access  with  little
more  than  tight  need-to-know  protection  applied.  The  DoE  classified  its
program  as  collateral  Secret,  adopting  discretionary  need-to-know  procedures.

Despite  the  fact  that  the  Commission  did  find  one  or  two  examples  of 
programs  coordinating  common  technology  or  scientific  issues,  the 
potential  still  exists  for  disconnects  in  coordination  and  integration  among 
various  DoD  SAPs  and  non-SAP  programs.  In  the  above  example,  the  three
government  agency  program  managers  are  aware  of  the  other  programs,  but 
refuse  to  devise  a  common  protection  standard.  This  problem  is  not  uncom¬ 
mon.  The  strict  SAP  control  inhibits  the  flow  of  information.  One  result  is  that 
comparable  advances  in  state-of-the-art  technology  by  related  noncompartmented
government  research  efforts  are  not  readily  accepted  by  some  SAP
managers  as  valid  reasons  to  decompartment  their  programs.  The  government
pays  a  high  cost  when  this  occurs.  Continuing  special  security  controls
when  they  may  not  be  necessary  is  expensive.  But,  the  controls  are  probably
much  less  costly  than  the  lost  opportunities  caused  by  inhibiting  non-governmental
research  initiatives  with  potential  payoffs  for  the  SAP  itself.

The  Commission  applauds  the  DoD's  action  to  establish  joint  coordina¬ 
tion  and  review  of  Stealth  and  related  low-observable  technologies  developed 
by  numerous  special  programs.  However,  this  effort  should  be  expanded  to 
achieve  integration  across  the  DoD  components  and  non-DoD  agencies  in 
other  areas  of  technology  to  reduce  apparent  gaps  in  the  integration  of  SAP
decisions  with  national-level  science  and  technology  intelligence,  counterintelligence,
and  counterproliferation  intelligence  analysis.  Again,  using  the
example  above,  a  common  security  standard  is  needed  to  reduce  conflicting 
analyses  regarding  the  true  state-of-the-art  or  the  actual  threat  to  advanced 
technologies  that  in  turn  leads  to  the  application  of  varying  degrees  of  secu¬ 
rity  and  the  resulting  costs. 

There  also  is  the  need  for  coordination  of  DoD  special  program  issues  and 
decisions  with  other  governmental  interests,  such  as  foreign  relations  with  the 
Department  of  State  and  national  intelligence  issues  with  the  Director  of  Cen¬ 
tral  Intelligence.  In  the  past,  decisions  were  made  not  to  brief  the  Director  of 
Central  Intelligence  on  certain  DoD  programs  that  affected  national  intelli¬ 
gence  interests.  Such  decisions  can  occur  when  senior-level  personnel  are  not 
made  aware  of,  for  example,  the  existence  of  a  subcompartment  or  the  impact 
of  certain  activities  under  special  programs. 

The  Commission's  recommendations  on  threat  assessment  and  risk  management
should  be  followed  in  determining  whether  and  how  special  protection
is  to  be  applied,  especially  with  respect  to  unacknowledged  programs.
These  criteria  should  form  the  basis  for  decisions  made  on  special  protection
throughout  the  government.


The  Commission  recommends  that  the  Secretary  of  Defense  and  the 
Director  of  Central  Intelligence: 

a)  Establish  uniform  risk  assessment  criteria  for  the  consider¬ 
ation,  designation,  review,  management  and  decompartmentation 
of  information  requiring  special  protection, 

b)  Conduct  independent  risk  assessments  of  the  unacknowl¬ 
edged  status  of  compartmented  access  programs,  based  upon  all¬ 
source  analysis  of  relevant  intelligence  and  counterintelligence 
information. 

c)  Review  similar  compartmented  access  programs  to  ensure  reci¬ 
procity  and  eliminate  redundancy. 

d)  Institute  a  formal  mechanism  to  review  designation,  coordina¬ 
tion,  and  integration  issues  related  to  compartmented  access  pro¬ 
grams  to  ensure  that  the  DoD  elements,  the  Intelligence 
Community,  the  Departments  of  State,  Energy,  Commerce,  and  oth¬ 
ers  are  advised  of  compartmented  access  program  issues  affecting 
their  interests. 


Currently,  SAP  security  policies  are  developed  independently  by  individ¬ 
ual  program  managers.  Within  the  Intelligence  Community,  actual  SCI  pro¬ 
gram  practices  often  exceed  the  DCID  standard.  The  Commission  found  that 
many  of  the  problems  with  the  SAPs  and  the  SCI  programs  are  due  to  obsolete
security  standards  and  inconsistent,  program-specific  applications.  The
conflicting  policies  of  the  DoD  and  Intelligence  Community  elements  add  sig¬ 
nificant  unnecessary  expense  to  the  system,  with  no  appreciable  increase  in 
security.  Common  standards  for  special  protection  would  bring  coherence  to 
the  DoD  and  Intelligence  Communities,  and  bridge  the  gap  between  the 
DoD's  SAPs  and  the  DCI's  SCI  programs.

Under  the  new  classification  scheme,  the  security  executive  committee, 
described  in  chapter  11,  will  work  with  security  professionals  and  program 
managers  to  develop  a  single  uniform  security  policy  and  set  of  standards 
adequate  to  protect  all  DoD  and  Intelligence  Community  special  programs. 
As  a  consequence,  there  no  longer  would  be  the  wide  variances  in  security
practices  that  significantly  raise  costs,  particularly  in  industry.  Managers  of
special  programs  would  not  be  granted  unbridled  discretion  in  deciding
which  security  measures  to  employ,  but  they  would  be  allowed  to  waive
down  from  the  standard  in  circumstances  in  which  reciprocity  is  not  affected.
In  sum,  reciprocity,  integration,  and  the  ability  to  control  overall  costs  require
that  a  uniform  standard  be  followed  in  most  cases,  but  exceptions  could  be 
made  in  appropriate  circumstances. 


The  Commission  recommends  that: 

a)  A  single,  consolidated  policy  and  set  of  security  standards  be 
established  for  Secret  Compartmented  Access  information,  including
all  current  SAPs,  SCI,  covert  action,  and  the  various  bigot  list
programs. 

b)  Standards  contain  some  flexibility,  but  waivers  down  from 
compartmented  access  security  measures  be  permitted  only  when 
there  is  no  impact  upon  reciprocity. 


Increasing  the  Flow  of  Data 

Many  persons  who  spoke  to  the  Commission  were  quite  critical  of  the 
Intelligence  Community's  tendency  to  disseminate  intelligence  data  within
compartmented  channels  rather  than  at  the  generally  protected  level.  Com¬ 
batant  commanders  are  adamant  that  intelligence  must  be  released  at  the 
Secret  level  to  be  useful  to  them.  Law  enforcement  agencies  increasingly 
assert  that  most  intelligence  information  passed  to  them  is  overclassified  and 
therefore  often  unusable.  Excessive  compartmentation  precludes  the  timely 
dissemination  of  intelligence  pending  completion  of  reviews  to  remove  (or 
sanitize)  source  and  method  revealing  information  or  until  permission  is 
granted  for  release  of  originator-controlled  data.  This  has  an  adverse  impact 
on  the  timeliness  and  specificity  of  intelligence.  The  impact  is  very  serious  to 
users  of  intelligence  in  the  DoD,  its  agencies,  and  the  military  services. 

During  the  Gulf  War,  the  limited  amount  of  sanitized  operations-related
intelligence  information  forced  one  military  officer  to  meet  his  warfighting 
needs  by  regularly  flying  two  Captains  back  and  forth  to  US  installations 
in  Europe  to  get  additional  information  decompartmented  and  then  to 
return  with  as  much  of  this  hard  copy  intelligence  data  and  imagery  as  they 
could  carry. 

All  users  made  clear  to  the  Commission  that  they  want  intelligence  pro¬ 
vided  in  a  more  timely  manner,  with  as  much  specificity  as  possible,  and  with 
fewer  dissemination  restrictions.  Currently  compartmented  data  should  be 
reviewed  to  remove  source-  or  method-revealing  information  so  that  signifi¬ 
cantly  more  intelligence  information  can  be  made  available  as  generally  pro¬ 
tected  information.  Those  sanitizing  intelligence  should  also  ensure  as  much 
usable  data  remains  as  possible.  Concerns  have  been  raised  that,  at  times,  so
much  information  is  removed  in  order  to  protect  sources  and  methods,  the 
ability  of  users  of  the  information  to  make  critical  decisions  is  undermined. 

The  Commission  is  encouraged  by  efforts  under  way  to  limit  the  amount 
of  controlled  access  information  within  the  Intelligence  Community.  Most 
intelligence  reporting  based  on  human  sources  is  not  compartmented  because 
source-identifying  information  is  deleted.  Further,  a  significant  amount  of 
imagery  is  being  released  outside  of  compartmented  channels.  While  the 
National  Security  Agency  has  made  progress  in  decompartmenting  its  infor¬ 
mation,  more  can  be  done.  Significant  benefit  would  be  gained  if  the  National 
Security  Agency  were  to  form  a  task  force,  similar  to  the  one  formed  by  the 
Central  Imagery  Office,  to  drastically  reduce  the  amount  of  compartmented
information  it  produces,  and  to  release  more  intelligence  at  the  generally  pro¬ 
tected  level. 

The  Commission  believes  that  as  a  general  rule,  only  the  limited  amount 
of  intelligence  that  would  materially  compromise  sensitive  sources  and  meth¬ 
ods  or  collection  strategies,  as  well  as  that  which  has  exceptional  political  sen¬ 
sitivity  due  to  the  nature  of  the  target,  should  remain  within  compartmented 
channels.  The  remaining  vast  majority  of  data  should  be  routinely  released  as 
generally  protected  information.  Where  source-revealing  information  must 
necessarily  be  included,  the  Commission  strongly  recommends  the  use  of  a 
tear  line.  Those  who  need  to  know  how  the  information  was  derived  will 
have  access  to  the  information  above  the  tear  line,  marked  SECRET  COMPARTMENTED
ACCESS.  Those  who  need  to  act  on  the  information,  but  do
not  need  to  know  the  source  of  the  information,  will  receive  the  generally  pro¬ 
tected  information  below  the  tear  line,  marked  SECRET. 



The  Commission  recommends  that: 

a)  All  intelligence  reporting  within  compartmented  channels  be 
severely  restricted  to  the  limited  amount  of  information  that  would 
compromise  sensitive  sources  and  methods  or  collection  strategies,
or  that  has  exceptional  political  sensitivity. 

b)  All  other  intelligence  products,  particularly  when  related  to 
military  operations,  be  released  as  generally  protected  information. 


Advanced  weapon  systems  and  specialized  intelligence  capabilities  are  of 
little  use  to  the  military  commander  if  he  is  unaware  of  them  and  unable  to
train  warfighting  elements  in  the  use  of  the  new  capability.  Briefing  com¬ 
manders  when  compartmented  access  programs  are  ready  for  use  is  not 
enough.  Military  elements  must  be  kept  aware  of  the  program,  its  goals  and 
objectives,  and  its  potential  employment  well  ahead  of  production  and 
deployment  in  order  to  fully  incorporate  new  capabilities  into  unit  war  plans. 

Although  many  technologies,  weapon  systems,  and  intelligence  capabili¬ 
ties  are  ultimately  developed  for  use  by  the  warfighter,  no  effective  procedure 
exists  to  ensure  that  combatant  commanders  are  briefed  on  all  such  systems, 
their  capabilities,  and  projected  availability  for  use.  Moreover,  the  Commission
found  that  even  when  military  elements  are  briefed,  they  are  put  under
such  tight  constraints  that  they  are  unable  to  use  the  compartmented  access
information  in  any  practical  way.  This  prohibits  field  elements  from  being 
able  to  incorporate  these  capabilities  into  war  planning  and  other  crisis  activities.



A  senior  military  officer  on  the  Joint  Staff  expressed  concern  that  current
classification  and  security  procedures  constrict  the  flow  of  operational
information  to  the  warfighter  at  the  tactical  level.  He  felt  that  we  still  treat
certain  capabilities  as  pearls  too  precious  to  wear - we  acknowledge  their
value,  but  because  of  their  value,  we  lock  them  up  and  don't  use  them  for
fear  of  losing  them.

The  Commission  believes  that  more  needs  to  be  done  to  keep  combatant 
commanders  informed  of  current  and  upcoming  programs,  capabilities, 
weapons,  and  operations  that  could  potentially  be  used  in  a  military  venue. 
Accordingly,  a  separate,  small  entity  should  be  established  and  given  the 
responsibility  to  work  with  the  owners  of  compartmented  access  information 
to  disseminate  it  aggressively  to  combatant  commanders.  This  entity,  with  full 
access  to  all  compartmented  access  programs,  would  balance  the  perceived 
reluctance  of  special  access  program  managers  to  share  information  against 
the  perceived  tendency  of  military  entities  to  disseminate  this  information 
broadly  within  a  command.  The  intent  is  to  ensure  that  combatant  command¬ 
ers  are  more  fully  informed  about  compartmented  access  activities  while  tak¬ 
ing  into  account  the  sensitivity  and  fragility  of  the  information. 


The  Commission  recommends  that  the  Secretary  of  Defense  and  the 
Director  of  Central  Intelligence: 

a)  Establish  a  separate  entity  to  work  with  special  access  program 
managers  and  combatant  commanders  to  ensure  that  military  com¬ 
mands  are  more  fully  aware  of  compartmented  access  information 
concerning  current  and  projected  technologies,  weapons,  tech¬ 
niques,  operations  and  programs  that  are  pertinent  to  their  respon¬ 
sibilities. 

b)  Delegate  authority  to  combatant  commanders  to  brief  staff 
members  with  a  need-to-know  on  compartmented  access  informa¬ 
tion  so  that  these  capabilities  can  be  incorporated  into  conflict  plan¬ 
ning  activities. 


Special  Cover  Measures 

There  are  many  valid  reasons  for  the  special  cover  measures  used  by 
some  military  and  intelligence  organizations,  such  as  potentially  life-threaten¬ 
ing,  high-risk,  covert  operations  and  intelligence  and  counterintelligence 
investigations  or  operations.  However,  these  techniques  also  have  increasingly
been  used  for  major  acquisition  and  technology-based  contracts  to  conceal
the  fact  of  the  existence  of  a  facility  or  activity  or  to  mask  government-contractor
affiliations.

The  Commission  found  that  the  use  of  cover  to  conceal  the  existence  of  a 
government  facility  or  the  fact  of  government  research  and  development 
interest  in  a  particular  technology  is  broader  than  necessary  and  significantly 
increases  costs.  For  example,  one  military  service  routinely  uses  cover  mechanisms
for  its  acquisition  controlled  access  programs  without  regard  to  individual
threat  or  need.  Another  military  organization  uses  cover  to  hide  the
existence  of  certain  activities  or  facilities.  Critics  maintain  that  in  many  cases, 
cover  is  being  used  to  hide  what  is  already  known  and  widely  reported  in  the 
news  media. 

Several  government  agencies  paid,  under  various  secure  contracts,  to  have
a  significant  number  of  "sterile"  telephones  installed  to  hide  contractors'
affiliations  with  the  government.  In  many  cases,  the  sterile  telephones  were
installed  next  to  secure  telephones  required  by  other  classified  government
contracts.  In  one  case,  a  contractor  had  200  sterile  telephones  next  to  173
STU-III  telephones  and  145  secure  "green"  phone  lines.

These  cover  mechanisms  are  expensive  and  the  marginal  security  benefits
gained  by  compartmenting  knowledge  of  the  existence  of  a  government  or
contractor  facility  often  are  outweighed  by  the  costs  of  concealment,  including
the  costs  to  other  programs  that  would  benefit  from  sharing  technical
knowledge  and  sharing  use  of  the  facility.  Special  protection  generally  should
focus  on  the  most  sensitive  uses  of  a  facility,  rather  than  the  fact  of  its  existence.

Organizations  with  high-funding  profiles  and  extensive  contracts,  such  as 
the  National  Reconnaissance  Office,  have  incorporated  elaborate  rules  into 
their  daily  operations  to  conceal  the  fact  of  their  existence  and  to  hide  the 
identity  and  affiliation  of  organization  employees  and  contractors.  Even 
though  the  NRO's  existence  was  finally  declassified  in  1992,  classification  for
most  of  its  personnel  and  activities  remains  in  place.  We  believe  many  NRO
classification  requirements  currently  imposed  can  be  dropped  without  danger
to  essential  NRO  activities.

The  Commission  believes  an  overall  review  of  the  DoD  and  Intelligence
Community  organizations  employing  cover  mechanisms  is  needed  to  determine
whether  such  costly  measures  continue  to  be  necessary.


The  Commission  recommends  that  the  Secretary  of  Defense  and  the 
Director  of  Central  Intelligence: 

a)  Rescind  blanket  classified  status  for  the  NRO  and  its  employ¬ 
ees. 

b)  Review  the  cover  status  of  the  DoD  and  Intelligence  Community
elements  and  personnel,  rescinding  cover  for  those  without  a
documented  covert  intelligence  or  operational  mission. 

c)  Review  existing  covert  contractual  requirements  to  determine 
those  that  may  be  canceled  as  soon  as  advantageous  to  the  govern¬ 
ment. 

d)  Develop  new  policies  for  cover  that  limit  its  use  to  those  situations
for  which  it  is  needed.


Security  Oversight  of  Compartmented  Access  Programs 

The  DoD  management  framework  provides  for  oversight  of  all  DoD  compartmented
access  programs  through  reviews  by  the  Deputy  Secretary  of
Defense.  Oversight  is  also  provided  by  reports  to  Congress.  The  Commission
has  reviewed  the  reporting  procedures  that  exist  with  respect  to  Congressional
oversight  of  the  DoD  controlled  access  programs,  including  those  for
programs  that  are  waived  from  certain  requirements  due  to  their  extreme  sensitivity.
We  see  no  need  to  modify  existing  reporting  procedures  and  believe
that  the  current  system  should  continue  without  change.

Until  recently  there  has  been  no  procedure  for  centralized  assessment  of 
special  program  proposals  submitted  directly  to  the  Deputy  Secretary  of
Defense  by  the  military  departments.  The  recent  formation  of  the  DoD  Special 
Access  Program  Oversight  Committee,  which  the  Commission  fully  supports, 
will  ensure  that  every  program  is  reviewed  by  a  panel  of  senior  officials  prior 
to  its  establishment,  and  annually  thereafter,  to  determine  whether  compartmentation
for  each  program  is  still  required.  This  new  management  structure
is  an  important  initiative  to  improve  centralized  review,  cross-program  inte¬ 
gration,  security  policy  guidance,  and  oversight  of  special  programs. 

The  Commission  suggests  that  the  Oversight  Committee  expand  this 
review  to  incorporate  a  separate  evaluation  of  the  proposed  or  actual  security 
countermeasures  for  each  special  program.  A  separate  review  could  yield 
alternate  security  countermeasures  to  replace  the  sometimes  costly  or  ineffi¬ 
cient  countermeasures  proposed  by  the  sponsoring  special  program  manag¬ 
ers.  For  existing  controlled  access  programs,  the  Committee  should  examine 
how  previously-approved  security  countermeasures  are  actually  imple¬ 
mented.  This  may  reveal  security  practices  that  are  no  longer  necessary  and 
help  to  lessen  the  gap  between  actual  practice  and  policies  for  controlled 
access  programs.  Finally,  the  Commission  believes  that  security  cost-drivers, 
such  as  unacknowledged  special  program  status,  imposition  of  cover,  manda¬ 
tory  polygraphs  for  access,  and  waivers  from  Defense  Investigative  Service 
inspections  of  contractors,  should  be  considered  and  approved  separately  by 
the  DoD  Special  Access  Program  Oversight  Committee  before  they  are 
imposed.  These  steps  will  aid  the  Oversight  Committee  in  eliminating  unnecessary
and  costly  security  practices  and  in  redirecting  scarce  protection
resources  to  other  program  priorities. 

The  Commission  believes  that  the  DoD's  new  approach  to  overseeing 
controlled  access  programs  is  reasonable.  However,  the  Commission  believes 
the  process  could  be  strengthened  by  establishing  a  security  oversight  arm 
that  is  wholly  independent  from  the  everyday  management  and  security  of 
controlled  access  programs.  An  independent  viewpoint  is  necessary  to  inter¬ 
ject  an  unbiased,  broader  perspective  on  controlled  access  proposals  and  prac¬ 
tices  because  many  believe  that  SAPs  are  created  not  simply  for  security 
reasons,  but  to  create  a  specialized  cadre  of  experts,  streamline  procurement, 
limit  oversight,  and  thus  speed  development.  Others  are  concerned  that  fun¬ 
damental  questions  about  the  propriety  of  controlled  access  activities  may  not 
be  raised  by  those  within  the  special  program  community,  or  be  presented  to 
senior  policymakers  outside  of  the  sponsoring  military  service.  This  new 
oversight  function  would  have  to  have  up-front,  across-the-board  access  to  all 
special  access  programs. 

The  Commission's  proposed  independent  oversight  arm  also  would  pro¬ 
vide  valuable  guidance  with  respect  to  access  control  practices  applied  to  pro¬ 
grams  other  than  recognized  SAPs.  In  the  past,  certain  DoD  components  have 
limited  the  distribution  of  particular  types  of  classified  information,  such  as 
military  plans,  without  formally  designating  the  program  as  a  SAP,  because 
SAPs  require  high-level  approval  and  oversight.  These  programs  use  labels 
such  as  LIMDIS  (limited  distribution),  SPECAT  (special  category),  or  other
less  formal  designations.  The  Commission  views  these  programs  as  "SAP-like"
in  that  aspects  of  approved  specially  protected  programs,  such  as  multiple
compartments  and  nondisclosure  agreements,  often  are  imposed  upon
those  given  access  to  the  information.  However,  DoD  officials  have  taken  the 
position  that  compartmentation  to  protect  military  plans  should  not  be  con¬ 
sidered  a  "program"  within  the  meaning  of  Special  Access  Program  regula¬ 
tions,  but  simply  a  "planning  document."  As  a  result,  military  plans  currently 
are  not  included  in  senior-level  special  program  reviews. 

In  the  future,  none  of  these  "plans  versus  program"  distinctions  should
matter  under  the  Commission's  proposed  new  classification  structure.  However,
independent  oversight  will  continue  to  be  necessary  for  controlled
access  programs  to  ensure  that  security  issues  are  fully  aired  to  senior  management.
Assigning  independent  responsibility  for  conducting  inquiries
regarding  activities  protected  by  special  programs  and  similar  compartments, 
will  give  the  Secretary  of  Defense  a  valuable  check  and  serve  as  a  safety  valve 
in  ensuring  that  security  protections  are  not  misused,  and  that  questionable 
practices  are  brought  to  light  and  resolved  within  the  Department. 


The  Commission  recommends  that  the  Secretary  of  Defense: 

a)  Under  the  auspices  of  the  DoD  Special  Access  Program  Oversight
Committee:

1)  Conduct  a  separate  evaluation  of  proposed  or  actual  security 
countermeasures  for  controlled  access  programs. 

2)  Separately  review  and  approve  unacknowledged  status,  impo¬ 
sition  of  cover,  mandatory  polygraph  for  access  requirements,  and 
waivers  from  Defense  Investigative  Service  security  inspections  of 
contractors  before  they  may  be  imposed  on  controlled  access  programs.

b)  Assign  security  oversight  responsibilities  for  controlled  access 
activities  to  an  independent  DoD  office  outside  the  special  program 
community.



CLASSIFICATION  MANAGEMENT  PRACTICES 

There  are  a  number  of  additional  areas  dealing  with  the  implementation 
and  management  of  the  classification  system,  whether  the  current  or  the  pro¬ 
posed  system,  that  require  consideration  and  improvement. 

Dissemination  Controls - Impediments  to
Getting  Intelligence  into  the  Hands  of  Customers 

A  senior  intelligence  official  stated  that  "the  day-to-day  most  serious 
problem  is  that  we  don't  get  intelligence  to  the  policymakers  in  a  way  that
they  can  use  it."  The  issue  is  not  merely  that  too  much  information  is  compartmented,
but  that  intelligence  users  may  be  denied  timely  access  to  intelligence
data  and  other  classified  information  due  to  an  originator's  tendency  to
include  unnecessary  control  markings. 
Four  of  the  standard  control  markings  established  by  the  Director  of
Central  Intelligence  for  the  Intelligence  Community  are  security  controls;  two
are  not.  The  Commission  recommends  that  three  of  the  four  security  control
markings  be  eliminated.  They  are  duplicative,  unnecessary,  and  impede  the
timely  transfer  of  intelligence  to  those  who  need  it.  WNINTEL  (Warning
Notice - Intelligence  Sources  and  Methods  Involved)  is  implicit  in  the  specially
protected  category,  ORCON  (Dissemination  and  Extraction  of  Information
Controlled  by  Originator)  is  viewed  as  more  of  an  impediment  to
intelligence  users  than  a  protection  for  intelligence  producers,  and  all  US  classified
information  is  NOFORN  (not  releasable  to  foreign  nationals),  unless  a
decision  is  made  to  release  such  information.  Accordingly,  the  REL  TO
(authorized  for  release  to ...)  control  should  suffice.

Under  the  new  classification  system,  security  control  markings,  apart 
from  REL  TO,  will  not  be  needed  or  desirable  for  generally  protected  informa¬ 
tion  labeled  SECRET,  because  such  information  will  be  under  a  discretionary 
need-to-know  regime.  Similarly,  security  control  markings  will  not  be  needed 
or  desirable  for  specially  protected  information  labeled  SECRET  COMPARTMENTED
ACCESS  because  such  information  incorporates  centralized  access
controls  that  already  specify  the  personnel  (government,  contractor,  foreign 
government)  who  are  to  receive  the  information. 

The  Commission  recommends  that  the  two  remaining  control  markings: 
PROPIN  (PROPRIETARY  INFORMATION),  and  NOCONTRACT  (not  releasable
to  contractors  or  consultants)  be  combined  into  a  single  marking:  government-industry-restricted
information  (GOVIND).  The  NOCONTRACT
marking,  as  currently  used,  often  prevents  contractors  from  obtaining  the 
information  they  need  to  do  their  job.  This  is  particularly  inappropriate  in  the 
case  of  Federally  Funded  Research  and  Development  Centers  (FFRDCs).
These  are  non-profit  institutions  with  no  production  facilities,  no  products  or 
services  to  sell  in  commercial  markets,  and  that  are  not  supposed  to  compete 
with  non-FFRDCs.  Accordingly,  procedures  should  be  developed  to  routinely 
obtain  advance  agreement  that  corporate  proprietary  information  is  given  to 
the  government  with  the  express  understanding  that  such  information  can  be 
shared  with  FFRDCs  as  required  by  the  government. 

In  the  system  we  propose,  government  employees  and  contractors  will  be 
cleared  to  the  same  standard  and  appropriately  indoctrinated.  Consequently, 
there  will  be  no  need  to  restrict  information  from  contractors  with  a  need  to 
know,  other  than  to  protect  two  types  of  information.  The  first  is  information 
that  is  provided  to  the  government  by  a  commercial  firm  or  private  source 
under  an  express  or  implied  understanding  that  the  information  will  be  pro¬ 
tected  as  a  trade  secret  or  proprietary  data  and  will  not  be  disseminated  to  a 
potential  competitor.  The  second  is  government  information,  for  example 
budgetary  information,  that  could  give  the  contractor  an  unfair  competitive 
advantage.  A  new  marking,  GOVIND,  would  restrict  both  types  of  informa¬ 
tion. 


Agency-specific  dissemination  controls  such  as  "Exclusive  For,"  "Secret/ 
Sensitive,"  or  "Eyes  Only"  add  to  the  confusion,  and  are  rarely  enforced.  We 
recommend  that  no  agency-specific,  dissemination-control  markings  be  used 
for  security  purposes.  There  is  no  consistency  between  agencies  in  the  terms 
used. Whatever unique handling restrictions they imply usually are not
understood  by  the  recipient  agencies  and  are  improperly  applied. 


The Commission recommends that, with the exception of
"GOVIND" and "REL TO," dissemination markings and controls
be eliminated.


Sharing  Classified  Information 

The  world  is  changing  and  US  classified  information  not  only  is  provided 
to  close  allies,  but  also  to  coalition  partners,  some  of  whom  normally  have 
interests  quite  divergent  from  ours.  The  US  also  finds  it  necessary  to  provide 
classified  information  to  the  NATO  and  the  United  Nations  in  circumstances 
where  such  information,  once  provided,  may  be  broadly  distributed. 

It  is  not  possible  to  anticipate  every  situation,  and  flexibility  must  be  pre¬ 
served  so  that  military  commanders  and  foreign  policy  officials  are  able  to 
meet  the  special  needs  and  requirements  of  each  situation.  Nevertheless,  it  is 
helpful  to  have  general  governmentwide  guidance  as  to  the  types  of  informa¬ 
tion  that  readily  can  be  shared  or  that  pose  particular  problems.  This  reduces 
the  amount  of  information  that  must  be  assimilated  and  the  number  of  deci¬ 
sions  that  must  be  made  on  an  ad  hoc  basis  in  the  heat  of  a  crisis. 

The  security  executive  committee  should  review  information  sharing 
requirements and ensure that guidance and expertise is readily available to
inform  and  assist  officials  who  must  make  release  decisions. 


The Commission recommends development of governmentwide
guidance for sharing classified information with coalition partners
and  with  the  United  Nations. 


Billet  and  Access  Control  Policies 

One of the most frustrating features of many current SAP and SCI systems
is the resource-intensive, bureaucratic procedure for authorizing access.
Military commanders and senior managers confront cumbersome approval
requirements, often including arbitrary numerical ceilings and rigid billet
structures, if they wish to bring another person with a legitimate reason for
access into the compartment.

Program  managers  try  to  limit  the  number  of  people  allowed  access  to 
many  special  programs  by  imposing  an  arbitrary  ceiling  on  the  number  of 
individual  billets  (spaces)  authorized  for  a  particular  organization  or  facility. 
Both  government  and  industry  organizations  are  forced  to  resort  to  inefficient 
and  costly  practices  to  get  around  the  access  restrictions  to  get  the  job  done. 
The  Commission  found  that  the  imposition  of  these  numerical  ceilings  and 
rigid  billet  structures  does  not  reduce  the  actual  number  of  persons  accessed 
nor  enhance  the  security  of  a  controlled  access  program.  Instead,  these  prac¬ 
tices  add  unnecessary  complexity  and  confusion. 



Because a special access program manager refused to approve a new billet
structure with a higher billet ceiling, a government supervisor briefed and
debriefed multiple people against a single authorized billet to get the number
of people needed for the program. The supervisor would brief an engineer,
telling the engineer to think about a particular controlled access issue,
then immediately debrief him/her. The same procedure was followed with
other needed personnel until all had been briefed on the controlled access
program, given a problem to resolve under the program, and then debriefed.
Several weeks later, the supervisor used the same brief/debrief method to
obtain the solutions from the personnel.

These controls only give the illusion of security while adding excessive
cost and inefficiency to the access approval process. The Commission, therefore,
recommends an end to the practice of limiting access to specially protected
information based on the number of authorized billets or imposed
numerical  ceilings.  The  Commission  believes  that,  to  permit  more  effective 
accomplishment  of  mission  tasks,  a  zero-based  review  and  update  of  con¬ 
trolled  access  rosters  in  concert  with  using  elements  is  necessary  to  determine 
the  personnel  who  truly  have  a  bona  fide  contractual  or  job-related  require¬ 
ment  for  controlled  access  information.  The  results  of  the  review  should  form 
the  backbone  of  new  access  management  processes  that  should  eventually 
feed  into  a  data  base  system.  Quite  simply,  the  number  of  persons  accessed  to 
specially  protected  information  should  be  based  on  the  number  necessary  to 
accomplish  the  job. 


The  Commission  recommends  that  the  Secretary  of  Defense  and  the 
Director of Central Intelligence direct that controlled access program
managers conduct a zero-based review to ensure that all personnel
with a mission-essential need to know specially protected
information  receive  access  to  the  information.  The  number  of 
accessed  personnel  should  meet  the  need  for  properly  cleared  and 
indoctrinated  persons  to  support  acquisition,  planning,  and  opera¬ 
tions  and  not  depend  on  arbitrary  ceilings. 


Secrecy  Agreements 

At  present,  most  US  Government  employees  and  contractors  granted 
access  to  classified  information  sign  a  Classified  Information  Nondisclosure 
Agreement (Secrecy Agreement) in which they agree never to divulge classified
information to an unauthorized person. While this agreement does not
contain a prepublication review provision, the individual agrees that, if there
is uncertainty about the classification status of information, he will confirm
with an authorized official that the information is unclassified before he
discloses it.

Recipients  of  access  to  Sensitive  Compartmented  Information  (SCI)  and 
DoD  Special  Access  Programs  (SAPs)  sign  a  nondisclosure  agreement  or 
indoctrination  statement  with  a  prepublication  requirement  each  time  that 
they  are  admitted  to  a  compartment,  program,  or  category  of  information 
within  a  program. 

The SCI agreement obligates the signer not to disclose anything marked
as SCI or that they know to be SCI, and to submit for review any material that
"contains or purports to contain any SCI or description of activities that
produce or relate to SCI, or that they have reason to believe are derived from
SCI."  Recipients  of  National  Security  Agency  information  agree  to  submit  for 
review  all  information  that  contains  or  purports  to  contain,  refers  to,  or  is 
based  upon  "Protected  Information,"  essentially  defined  as  classified  infor¬ 
mation  obtained  as  a  result  of  their  relationship  with  the  NSA. 

Recipients  of  DoD  SAP  information  sign  a  similar  agreement  that  indoc¬ 
trinates  them  into  the  program  and  obligates  them  to  submit  for  review  all 
information  which  contains  or  purports  to  contain  any  "Designated  Classified 
Information,"  (essentially  defined  as  SAP  information)  or  description  of  activ¬ 
ities  that  produce  or  relate  to  Designated  Classified  Information. 

Central  Intelligence  Agency  employees  sign  a  secrecy  agreement  that 
contains  a  significantly  broader  prepublication  agreement  that  obligates  them 
to submit for review any material they contemplate disclosing that contains
any  mention  of  intelligence  data  or  activities  or  contains  any  other  informa¬ 
tion  or  material  that  might  be  based  upon  classified  information.  There  are 
strong  arguments  for  this  expansive  language.  It  has  more  teeth  and  gives 
broader legal protection. Because the obligation is not limited to classified
information,  the  government  can  proceed  against  the  individual  simply  for 
failing  to  submit  for  prior  review  information  that  mentioned  or  was  based  on 
intelligence  without  having  to  prove  classification. 

Most  of  the  Commissioners  are  not  persuaded  that  persons  with  access  to 
the  same  classified  information  should  have  differing  obligations.  Most  Com¬ 
missioners  also  are  not  persuaded  that  intelligence  professionals  at  the  CIA 
should  be  held  to  a  higher  standard  than  that  applied  to  others  in  government 
who receive CIA information. These Commissioners do, however, acknowledge
that it is not unreasonable for a Director of Central Intelligence to
conclude that CIA employees should be held to a higher standard because, for
example,  CIA  employees  are  more  likely  to  be  exposed  to  sensitive  sources 
and  methods  information  over  their  career  than  many  employees  in  other 
agencies. 

Prepublication  review  is  designed  to  guard  against  the  malicious  and  the 
uncertain.  Those  with  malicious  intent  will  not  submit  material  for  review  no 
matter how broad the standard. The conscientious employee or retiree,
uncertain as to whether information is classified, will submit material even with a
narrow standard. The Commission is concerned about the chilling effect of
any prepublication review, but particularly the broad standards in the current
CIA secrecy agreement. Government employees should not forfeit the ability
to participate in public policy debates merely because they have, or had,
access to highly classified information. Indeed, their participation in the
debate should be encouraged. On balance, the majority of the Commissioners
concluded that there should be one standard secrecy agreement for government
and contractor employees with access to compartmented information
that does not incorporate the higher review standard in the current CIA
version. However, the Commission also recognizes that the Director of Central
Intelligence  may  conclude  that  his  statutory  responsibility  to  protect  sources 
and  methods  requires  that  he  maintain  the  stricter  version. 


Regardless  of  the  prepublication  review  standard,  the  Commission 
believes  that  it  is  neither  legally  required  nor  desirable,  with  respect  to  SCI 
and  SAP  material,  for  the  individual  to  sign  a  separate  nondisclosure  agree¬ 
ment  for  each  compartment,  subcompartment,  program  and  category  of 
information within a program. A single secrecy agreement obligates the individual
not to disclose classified information. A single prepublication provision
obligates the individual to submit specially protected material for review.
Although there is no harm in reminding an individual of his obligation to protect
the information, the multiple forms may in fact create the erroneous
impression that unless a new form is signed for each type of information or
for each compartment, the obligation to protect the information and submit it
for prepublication review is somehow not present. Moreover, there are costs
involved in producing, using, and storing the plethora of forms, particularly
in  an  environment  in  which  many  individuals  have  multiple  accesses.  These 
costs  can  and  should  be  avoided. 

The Commission believes that standardization of secrecy or nondisclosure
agreements and of prepublication review requirements is needed. Two
agreement  forms  should  suffice:  one  agreement  for  generally  protected  infor¬ 
mation,  and  one  for  specially  protected  information.  If  an  individual  signs  the 
agreement  for  specially  protected  information,  it  will  be  the  only  agreement 
required. 


The Commission recommends that no individual sign more than
two nondisclosure agreements. One standardized agreement, without
a prepublication review provision, will be used for generally
protected information; the other standardized agreement, with a
prepublication review provision, will be used for specially protected
information. If an individual signs the agreement for specially
protected information, signing an agreement for generally
protected information would not be necessary.


Declassification 

Simply put, the current system for declassification does not work. Much
of  the  information  that  is  classified  does  not  have  a  declassification  date.  Gen¬ 
erally  it  is  marked  OADR  (Originating  Agency's  Determination  Required) 
and  remains  classified  indefinitely.  Detailed  review  of  these  documents  is  not 
feasible,  and  arbitrary  bulk  or  automatic  declassification  schemes  are  per¬ 
ceived  as  risking  the  loss  of  information  that  still  requires  protection. 

The  Cold  War  period  produced  a  huge  amount  of  classified  information, 
and  thus,  an  enormous  backlog  of  potentially  declassifiable  information.  In 
addition  to  information  held  by  individual  agencies,  there  are  an  estimated 
300-400  million  pages  of  classified  information  in  the  National  Archives.  Mil¬ 
lions  of  additional  documents  are  classified  each  year.  The  Information  Secu¬ 
rity  Oversight  Office  reports  between  6-7  million  original  and  derivative 
classification  actions  per  year  in  Fiscal  Years  1990  to  1992. 

Agencies  generally  are  not  willing  to  declassify  information  without 
review, yet as the mountain of classified information grows, it is clear that a
line-by-line and document-by-document review of this information would be
extremely expensive and time consuming. Moreover, given public and congressional
concern today that sufficient resources are not being devoted to
current FOIA, Privacy Act, and mandatory review requesters, diverting limited
available resources to a time-consuming review process that is not driven
by  customer  demand  is  unacceptable. 

Any  declassification  regime,  therefore,  must  be  examined  to  ensure  that  it 
does not create a significant burden for government agencies without providing
any great advantage to the public. Put more positively, a new classification
system should maintain classification for the shortest possible time and
make  the  declassification  system  more  efficient  rather  than  more  costly. 

We  believe  that  a  great  deal  of  information  can  be  automatically  released 
in  ten  years  and  that  most  information  can  be  released  in  25  years.  What  is 
necessary,  however,  is  to  distinguish  those  categories  of  information  that  are 
good  candidates  for  declassification  after  10, 15,  or  20  years  from  categories  of 
information,  such  as  human-source  information,  that  may  require  protection 
for  longer  periods  of  time.  By  correctly  categorizing  classified  information,  we 
can reduce the number of times that the government needs to review documents
and develop a strategy that will allow release of information without
the  need  for  line-by-line  review. 

We recommend that a new Executive order on classification specify certain
categories of information that can be exempted from automatic declassification
at the end of 10 years, and also permit agency heads to nominate, and
the security executive committee to approve additional limited categories of
information that may require protection longer than 10 but fewer than 25
years. Information could then be marked at the time of its creation to reflect a
date  upon  which  it  would  be  automatically  declassified. 

For  example,  if  it  were  believed,  with  respect  to  a  particular  category  of 
information  that,  at  the  end  of  10  years,  classification  would  have  to  be 
extended  for  the  majority  of  information  in  that  category,  a  longer  time  period 
would  be  selected.  Otherwise,  when  the  10-year,  automatic-declassification 
date arrived, the agency would feel compelled to do a line-by-line review of
the information, most of the information probably would remain classified, a
great deal of cost would be incurred, and little advantage would be derived
by the public.

On the other hand, if it were believed that most of the information in that
category could be released at the end of 15 years, then it would be expected
that when the automatic declassification date arrived, the agency would feel
more comfortable adopting a risk management rather than a risk avoidance
approach to the material. The agency would be far less likely to see the need
for line-by-line review of the information and far more willing to release the
information with little or no review. For example, if it were believed that finished
intelligence could be released in 15 years, then it could be expected that
at the end of that period reviewers might conclude that the release of 15-year-old
political intelligence would not result in significant harm, that the release
of 15-year-old economic intelligence would not do significant harm, but that
there were a couple of weapon systems still in use and still of continued interest.
In such a scenario, reviewers might look to see if 15-year-old military
intelligence written on these two weapon systems still should remain classified,
but would not undertake a line-by-line review of the rest of the 15-year-old
finished intelligence.

We  are  keenly  aware  that  an  important  underpinning  of  our  system  of 
government  is  an  informed  citizenry  and  that  without  the  prompt  release  of 
pertinent  information,  intelligent  public  policy  debate,  academic  discussion, 
and  historical  research  is  handicapped.  Nevertheless,  there  are  clear  examples 
where  the  American  people  are  better  served  by  continued  protection  of  cer¬ 
tain  classified  information.  For  example,  the  revelation  of  the  identity  of  a 
confidential  intelligence  source,  even  after  the  passage  of  years,  can  have  a 
serious  negative  impact  on  that  individual  and  would  not  serve  US  interests. 
Similarly,  release  of  information  about  a  previous  generation  of  US  weapons 
can  still  have  a  significant  negative  impact  on  the  safety  of  US  forces. 

We believe the proper balance can be struck in the Executive order by
allowing agency heads to exempt, at the time of its creation, specific information
from the 25 year automatic declassification. This information would be
within  the  following  categories: 

•  Information  that  would  jeopardize  a  human  intelligence  source  or 
impair  use  of  an  intelligence  method. 

•  Information  that  would  compromise  sensitive  military  operations. 

•  Information  that  would  impair  US  cryptologic  systems  or  activities. 

•  Information about weapons technology that provides the US with a
battlefield advantage or would assist in the development or use of weapons of
mass destruction.


The Commission recommends that four principles drive the declassification
system:

a)  A  classifier  should  attempt  to  identify  a  specific  date  or  event 
when  information  can  be  declassified. 

b)  If  no  date  or  event  is  specified,  there  is  a  rebuttable  presump¬ 
tion  that  all  classified  information  would  be  declassified  no  later 
than  10  years  from  the  date  of  creation. 

c)  The  Executive  order  should  specify  categories  of  information, 
exempt  from  the  10  year  declassification  requirement,  that  can 
remain  classified  for  25  years.  Agency  heads  should  prepare  guide¬ 
lines  to  implement  exemption  of  these  categories.  These  guidelines 
will  be  approved  by  the  security  executive  committee. 

d)  The  Executive  order  should  also  specify  very  narrow  categories 
of  information  that  will  be  exempt  from  the  25  year  automatic 
declassification  requirements.  These  categories  should  include 
information  that  would  jeopardize  a  human  intelligence  source  or 
compromise  ongoing  sensitive  military  capabilities.  Heads  of  agen¬ 
cies  should  develop  guidelines  that  will  implement  the  exemption 
of  these  categories  from  automatic  declassification.  These  guidelines 
would  be  approved  by  the  security  executive  committee. 

Making the Classification System Really Work — An Integrated Approach with Appropriate Oversight

The  one-level  classification  system  with  two  degrees  of  protection  is 
designed  to  provide  a  framework  that  will  support  a  coherent  and  consistent 
governmentwide  approach  to  both  classification  and  security.  It  recognizes 
that  classification  drives  security  costs  and  that  security  practices  are  evolving 
naturally,  albeit  slowly,  around  two  levels  of  protection.  It  and  the  other  classi¬ 
fication  management  recommendations  build  upon  steps  already  taken  by, 
and  borrow  from  the  ideas  of,  thoughtful  security  professionals. 

Nevertheless,  no  system  can  be  expected  to  work  very  well  if  there  is  no 
one in charge. Today, there are few governmentwide standards and, even
when  standards  are  supposed  to  have  general  applicability,  they  often  are 
translated and interpreted in ways that do violence to the concept of standardization.
Often there is no penalty for noncompliance. Moreover, we conclude
that the Information Security Oversight Office (ISOO) simply is not
positioned  to  ensure  compliance.  Without  an  effective  policy  and  oversight 
structure,  no  coherent  security  policy  is  likely  to  evolve.  Instead,  inconsistent 
rules  will  continue  to  be  formulated,  and  disputes  will  continue  to  impede  the 
development  of  a  uniform  policy. 

The  proposed  security  executive  committee,  on  the  other  hand,  would  be 
positioned  to  provide  effective  centralized  oversight.  Its  staff  could  include  a 
strengthened  ISOO,  headed  by  a  security  ombudsman,  with  a  broader  secu¬ 
rity  oversight  role.  In  addition,  the  outside  security  advisory  board  we  pro¬ 
pose  would  provide  a  mechanism  for  nongovernment  and  public  interest 
concerns  about  the  system  to  be  raised  to  the  committee. 

Although  centralized  oversight  is  a  necessary  and  important  innovation, 
effective oversight must begin at the agency level. We recommend, therefore,
that  each  agency  appoint  a  classification  ombudsman  whose  mission  is  to 
encourage  and  act  on  complaints  about  over-classification.  The  ombudsman 
also  will  be  required  to  routinely  review  a  representative  sample  of  the  agen¬ 
cy's  classified  material.  This  individual  would  have  the  authority  to  ask  why  a 
particular  piece  of  information  was  classified  and  to  order  it  declassified  if  no 
persuasive  reason  is  forthcoming.  Real-time  review  of  employee  complaints, 
cable  traffic,  and  other  documents;  real-time  identification  of  categories  of 
information  subject  to  misclassification;  and  real-time  identification  of  the 
individuals  responsible  for  classification  errors  would  add  management  over¬ 
sight  of  classification  decisions  and  attach  penalties  to  what  too  often  can  be 
characterized  as  classification  by  rote.  The  system  outlined  above,  in  its  broad 
contours,  has  been  in  place  in  the  Department  of  State  for  the  past  two  years, 
and  we  are  told  that  over  the  past  six  months  noticeable  progress  has  been 
made.  Information  that  previously  had  been  classified  is  no  longer  classified 
and  greater  discipline  has  been  injected  into  the  entire  classification  process. 

The  Commission  recommends: 

a)  Strong  centralized  oversight  by  the  security  executive  commit¬ 
tee  as  well  as  more  effective  oversight  at  the  agency  level. 

b)  A  strengthened  Information  Security  Oversight  Office  as  a  part 
of  the  security  executive  committee  staff. 

c)  A  requirement  that  each  agency  appoint  a  classification 
ombudsman,  establish  a  hot  line  for  employee  classification  ques¬ 
tions  and  complaints,  and  institute  a  spot  check  system. 


Dealing  with  Sensitive  but  Unclassified  Information 

The information universe usually is subdivided into classified and
unclassified, with best estimates of the ratio having classified as about ten percent
of total government information. Unclassified information is further subdivided
into sensitive information (unclassified information which has some
confidentiality requirement) and non-sensitive information which may be
disseminated freely. It has been estimated that as much as seventy-five percent
of all government-held information may be sensitive.

Government-held sensitive but unclassified information is information
whose loss, misuse, unauthorized access to, or modification of, could
adversely  affect  the  national  interest  or  the  conduct  of  Federal  programs,  or 
adversely  affect  the  privacy  to  which  individuals  are  entitled  under  the  Pri¬ 
vacy  Act. 

As  with  classified  information,  this  information  must  be  protected  to 
ensure  its  confidentiality,  integrity,  and  availability.  In  some  cases,  we  do  not 
wish  unauthorized  persons  to  see  certain  information,  such  as  medical  or  per¬ 
sonnel  records.  Sometimes,  it  is  more  important  that  information  is  not 
changed  or  destroyed,  such  as  with  payroll  or  other  payment  records.  Finally, 
it  may  be  important  to  ensure  the  availability  of  these  records  within  the 
period  of  time  necessary  for  their  particular  use  or  application.  For  example,  if 
a  system  were  intentionally  clogged  or  disrupted,  we  might  be  unable  to 
access  treatment  data  to  deal  with  a  medical  emergency  or  logistics  data  to 
deal  with  a  military  or  diplomatic  crisis. 

The  Commission  believes  that  our  information  infrastructure  is  at 
increasing  risk,  but  its  vulnerability  is  not  sufficiently  understood  or  appreci¬ 
ated  and  there  is  not  in  place  a  process  to  appropriately  deal  with  the  prob¬ 
lem.  Increased  attention  must  be  paid  to  identifying  and  protecting  sensitive 
but  unclassified  information  within  the  Defense  and  Intelligence  Communi¬ 
ties.  In  addition,  the  information  system  security  countermeasures  that  are 
developed  should  be  available  more  broadly  to  protect  such  information  in 
the  rest  of  the  government,  as  well  as  information  that,  while  neither  classified 
nor government-held, is crucial to US security in its broadest sense. We have
in  mind  information  about,  and  contained  in,  our  air  traffic  control  system, 
the  social  security  system,  the  banking,  credit,  and  stock  market  systems,  the 
telephone  and  communications  networks,  and  the  power  grids  and  pipeline 
networks. All of these are highly automated systems that require appropriate
security  measures  to  protect  confidentiality,  integrity  and  availability. 


The  Commission  recommends  that  the  Secretary  of  Defense  and  the 
Director  of  Central  Intelligence  put  in  place  a  process  to  evaluate  the 
vulnerability  of  sensitive  but  unclassified  information  within  the 
Defense  and  Intelligence  Communities  and  to  explore  appropriate 
countermeasures. 

Chapter 3.

Threat Assessments - The Basis of Smart Security Decisions



Asleep  at  the  Wheel 

While our broad national security agenda helps set the stage for
determining what to protect, the actions of other states and individuals
define more precisely where security must be focused. The Commission has
frequently been reminded that the United States is the single biggest
intelligence target in the world. Traditional, long-range intelligence threat
predictions are now of reduced value in a world of evolving alliances and
volatile political, socioeconomic, cultural, and regional crises. Threats
must be reassessed frequently. The Commission found many instances, discussed
throughout this report, where security countermeasures currently employed
appear to be excessive in terms of the threats or are not linked to threats
at all.

A critical element necessary to make smart security decisions is reliable,
usable, intelligence data defining the threat. Currently, there are efforts
underway in the Defense and Intelligence Communities to incorporate threat
assessments when developing security policies. For example, the DoD's
Acquisition Systems Protection Program (ASPP), designed to protect
leading-edge technology, calls for incorporating threat assessments in each
phase of advanced weapon systems development. Defector information and
espionage lessons learned are taken into account in updating personnel
security procedures. Physical and technical security policies and
countermeasures, traditionally based on vulnerability assessments, are now
being developed using threat information. As a result, security policies are
being revised and dramatically changed. The Commission applauds these
efforts.

However, getting from the Intelligence Community, specifically the
counterintelligence organizations, the threat information necessary to
support coherent, risk-based security countermeasures policies, military
operations, and industry is an ad hoc rather than a systematic process. In
the absence of access to threat assessment information, security policies
have been based on risk avoidance, constrained primarily by the availability
of resources.

The reasons for the failure to incorporate intelligence and
counterintelligence information into security policies are numerous.
Traditionally, the intelligence and counterintelligence communities have
been separate and distinct from their security counterparts. Intelligence
and counterintelligence activities are discrete programs where budgets are
built and justified in terms of collection and production against specific
targets. Security programs, on the other hand, are normally funded from base
operating or administrative funds of various agencies and are difficult to
link to specific programs. These programs and funds, when accounted for at
all, generally have not had to face the scrutiny of cost-risk analysis (with
some individual exceptions).

Security officials do not always know how to task the Intelligence
Community for threat information. They have neither the necessary clearances
and contacts within the Intelligence Community nor an understanding of the
contribution that intelligence producers can make. The counterintelligence
community, for its part, focuses on its mission of conducting investigations
and collecting, analyzing, and exploiting information to identify and
neutralize the intelligence activities of foreign powers that adversely
affect US national security. Yet the security policy community has not been
viewed as a primary customer. Consequently, intelligence and
counterintelligence requirements are not defined to support rational
security decision making. The Commission believes that the security
community must work closely with the National Advisory Group for
Counterintelligence and the newly appointed Issue Coordinators to develop
collection and production strategies that address security consumers' needs.

When security officials do task for threat information, support is not
always timely and frequently is overclassified. Department of Defense
customers often wait months while counterintelligence requirements are
forwarded through several operational levels for approval, and to service
headquarters elements for validation. The requirement is then forwarded to
analysis centers for drafting, which requires an additional 120 days. Some
DoD personnel reported to the Commission response times longer than a year
for critically needed requests. Roadblocks are also encountered if classified
information needs to be disseminated in an unclassified form. The
counterintelligence community seems unable to provide unclassified analyses.

One senior DoD official requested an unclassified report to use in a
contractor security awareness briefing. The report arrived six months later,
stamped Secret, Not Releasable to Contractors.

In the absence of a comprehensive threat assessment process, some security
organizations have performed their own. The Air Force's Special Access
Program (SAP) has created dedicated analytic cells to provide timely
assessments. Air Force SAP intelligence specialists directly contact the
scientific community and perform independent assessments on cutting edge Air
Force technologies and developmental weapon systems. Navy and Army SAP
programs draw upon cleared service analysts. Not possessing a cadre of
analysts, DoD field elements postulate the local threat using worst case
scenarios until finished assessments arrive. This results in employing
stringent, expensive countermeasures to prevent the loss of critical
technologies information. The field elements note that when the much awaited
reports do show up, they are either too general to be applicable, or they
contradict other services or the Defense Intelligence Agency's assessments,
often regarding the same technology.

A DoD program manager requested an assessment of the foreign intelligence
threat to a city, with particular emphasis on whether there was targeting of
the advanced technology system that was being developed at a facility.
Eighteen months later, the program manager received from one DoD element an
assessment, stating that the threat to his area was low, with no particular
foreign interest in the technology. Another DoD element had already informed
him, six months earlier, that there was an established, aggressive foreign
intelligence collection program targeting the developing technology.

There is a schism concerning threat information between security policy
officials and the Intelligence Community that widens greatly when it comes to
a supportive relationship between counterintelligence organizations and
security professionals. At the national level, counterintelligence funding is
under the purview of the DCI's National Foreign Intelligence Program. But
the counterintelligence community is a loose confederation of separate
activities held together by budgetary convenience, not centralized
management. The five major counterintelligence organizations (FBI, CIA, Army,
Navy, and Air Force) can work together collegially, but frequently strike out
on their own. Some of these organizations have difficulty identifying their
customers. Indeed, one senior counterintelligence official points with pride
to the fact that "we (counterintelligence organizations) are our own best
customer." Counterintelligence information is collected, analyzed, produced,
and disseminated separately from normal intelligence channels. Critics charge
that this process ignores national strategy and policymakers' needs.

This fragmented counterintelligence organizational structure has also
created large gaps in knowledge. For example, there is no common
counterintelligence data base, either within the Department of Defense
itself or among the counterintelligence organizations generally, from which
threat assessments might be drawn. This shortfall may contribute to the
difficulty counterintelligence organizations have had in supporting clearly
defined customers, like the National Industrial Security Program (NISP).
Despite two years of work by counterintelligence representatives within the
NISP, no mechanism was created to communicate threat data to industry.

For senior policymakers, while there is an interagency coordination
process to support them, the products fall short. National
counterintelligence assessments, such as the "Winds of Change" and the
"Triennial Threat Assessment of the Foreign Intelligence Threat and
Effectiveness of US Counterintelligence and Security Countermeasures," need
to use more current data, be made more policy-relevant, and provide a clearer
picture for the reader. As now written, these assessments do not respond, in
a timely manner, directly to national-level requirements, aid resource
allocation, or meet the needs of program managers and military commanders.
Future editions, if any, require a keen understanding of senior policymakers'
requirements and tighter analytic presentation and packaging.

The Commission heard from many individuals within the Department of
Defense about the need to streamline the counterintelligence structure and we
understand that the Deputy Secretary of Defense and the Director of Central
Intelligence are considering options to do this. The Commission believes
such restructuring can bring savings and better service, but we would expand
the discussion to include the Attorney General and the Director of the FBI so
as to incorporate other major counterintelligence organizations.


A  Wake-Up  Call 

Information about the dangers posed by foreign governments and
organizations does not come solely from counterintelligence assets. Much of
it comes from human sources or defectors, signals intelligence, imagery
assets, our diplomatic corps, and other sources that need to be more actively
tasked by security officials. In other areas of intelligence production,
consumers have a single place to go for analytic assistance. For example,
counterterrorism and nonproliferation consumers have individual points of
contact that respond, in a coordinated fashion, to their needs. The DCI's
Counterterrorism Center (CTC) and Nonproliferation Center (NPC) personnel
reportedly broker timely responses to policymakers' requests. These offices
do not compete with established production elements. They serve as
facilitators, drawing on information and substantive expertise from within
the community.

The Commission recommends that the Secretary of Defense and the
Director of Central Intelligence appoint the DCI's Counterintelligence
Center as executive agent for "one-stop shopping" for
counterintelligence and security countermeasures threat analysis.


The Commission does not intend by this recommendation to create a
counterintelligence "czar" or to supplant existing authority for
counterintelligence investigations, operations, or the unique, individual
analytic efforts in support of specific law enforcement or military
operations. Rather, we seek a national-level focal point for threat analysis
that is easily accessible by government and industry to support broad
security management decisions. This "one-stop shopping" office must operate
as a corporate information asset of benefit to all government and industry
customers. The Counterterrorism Center customer response office can serve as
a model.

While the Counterintelligence Center lacks the expertise in domestic
threats that the Federal Bureau of Investigation has, it provides an
established, credible intelligence production office with professional
analysts able to tap into the full range of intelligence and operational
reporting. It also has the most experience in providing analysis for senior
policymakers.

However, the Commission notes that the current analytic and community
elements of the Counterintelligence Center must expand and change
dramatically to include a broader community and industry flavor and to
incorporate expertise in the security countermeasures areas that it lacks
currently, such as threats to information systems security. The Commission
expects that the Counterintelligence Center will draw upon the experience and
knowledge of other agencies when preparing responses for risk management
decisionmaking and coordinate the products extensively. This includes drawing
upon the NSA's and the DISA's ongoing efforts that focus on threats to
information systems security. Existing interagency analytic efforts, such as
the National Advisory Group for Counterintelligence's Analytic Working Group,
will fold into this initiative.

Further, dissemination procedures need to be restructured, allowing
customers to pull the information they need from the system, instead of
having it pushed to them in restricted formats. Threat information needs to
get out to users at all levels in the Defense and Intelligence Communities
and in industry.

The Commission is aware of and applauds a recent decision by the
counterintelligence agencies to create an interagency data base. However, the
data base needs to expand to allow for users with varying classification
levels. The Commission also urges the community to take advantage of the
counterintelligence data base program now under way within the Department of
Defense and ensure that the two data bases are compatible. This interagency
data base initiative should be undertaken and a prototype fielded
immediately.


The Commission recommends that the DCI's Counterintelligence
Center serve as the executive agent to spearhead the rapid creation
of a communitywide counterintelligence and security countermeasures
data base for government and industry use.


Chapter 4.

Personnel  Security — 

The  First  and  Best  Defense 




So far as concerns the DoD and the Intelligence Community, the main
purpose of personnel security programs is to protect the national security
interests of the United States by insuring the reliability and
trustworthiness of those to whom information vital to those interests is
entrusted. Because the government is so completely dependent on cleared
personnel to safeguard classified information, the personnel security system
is at the very heart of the government's security mission. Without adequate
personnel screening, the rest of the security mission would be a worthless
facade and a waste of resources. Recent history is regrettably all too rich
in proof of the damage that a single cleared person can cause.

The Commission believes that the personnel security program will
remain the centerpiece of the Federal security system in the post Cold War
era, particularly as we move to a new classification system in which more
information is moved out of compartments and made available to greater
numbers of people. For this reason, the Commission is recommending
enhancements to the personnel security program. These enhancements will
result in increased costs, but the Commission believes these costs will be
offset by other improvements we suggest.

The process of granting clearances will always be controversial. It makes
determinations about security risk by examining personal background
information to form a judgment that can have serious consequences for the
individual and for the government. There is no perfectly reliable or
unarguably correct way to predict whether an individual will become a
security problem in the future. In the end, all clearance decisions are
judgments, hopefully well informed and carefully made, but nevertheless
fallible. From time to time the process will fall short, either to the
detriment of an individual when a clearance is denied, or to the detriment of
the government when a serious security problem develops.

The Commission finds that the clearance process is needlessly complex,
cumbersome, and costly. Security clearances are sought for too many persons
who have no real need for a clearance. There are too many different forms in
use. There is insufficient automation and little interconnectivity between
agencies. Investigation and adjudication are practiced inconsistently among
agencies, resulting in reciprocity problems, delays, and increased cost to
both government and industry. All too frequently clearances granted by one
agency are not accepted by another, or even by another program manager
within the same agency.

The Commission believes that these shortcomings in the Federal personnel
security system can be remedied. Our goal is to establish a security
clearance standard, the application of which will be tracked in a
communitywide data base and will be fully transferable and valid among all
government agencies.


THE  PROCESS  BEGINS 


Requesting  a  Clearance 

Except where a clearance is required for initial employment, the clearance
process begins when management determines that a worker requires access to
classified information or requires the authority to change information or
systems in ways which may affect the integrity or availability of
information. Management submits a clearance request form, an investigation is
conducted, and the results are forwarded to an independent adjudicative
center, which determines whether the individual is suitable for a security
clearance. Clearance decisions are subject to appeal and review through
formalized administrative procedures. The government conducts similar
investigations on all Federal civilian employees in the executive branch and
on military members to determine whether they are suitable for Federal
employment or service. These position suitability determinations differ from
clearance decisions in that they are not made according to standardized
criteria. Rather, the hiring component, not an independent adjudicative
center, makes the determination, and fewer procedures are in place to appeal
adverse decisions.

The Commission learned that thousands of costly security clearances are
requested annually for persons who do not require actual access to classified
information or technology or the authority to modify sensitive information or
systems, and who do not otherwise occupy sensitive positions. For example,
guards, shipyard workers, various trades craft, and maintenance, custodial,
concession, and cafeteria workers are routinely submitted for clearance even
though they only require access to a controlled area (facility access) and
thus may receive only superficial or inadvertent exposure to classified
information. Unfortunately, many of these personnel have complex backgrounds
which, when applied against security clearance criteria, require extensive
investigation and administrative due process, thereby overburdening an
already overtaxed system. This only serves to delay significantly the
processing of legitimate requests and increases costs.


The  Commission  recommends  that  clearances  be  requested  only  for 
personnel  who  require  actual  access  to  classified  information  or 
technology.  For  most  of  those  who  merely  require  facility  access,  a 
position  suitability  determination  based  on  the  results  of  a  National 
Agency  Check  with  Inquiries  (NACI)  should  be  the  maximum 
allowed. 




The Commission found that many managers consider the clearance process
slow and inefficient. Because there is no cost incurred for submitting
clearance requests, military commanders and program directors often submit
an excessive number of clearance requests to ensure that they receive an
adequate number of cleared personnel to meet their needs. Investigative and
adjudicative organizations, many of which face steadily declining budgets,
must accept all requests, resulting in runaway costs and delays throughout
the system. A solution is needed that will impose discipline at the requester
level, while insuring that the system accommodates essential clearance
requests quickly and efficiently.

A fee-for-service funding mechanism, such as industrial funding or a
revolving fund, can impose a sense of cost on agencies that request
clearances. Rather than use appropriated funds, industrially funded agencies
charge customers for services provided and finance operations from this
income. Fee-for-service operations tend to be more efficient and
appropriately scaled to size because customers must consider the cost of the
service when making requests. For example, the Office of Personnel Management
(OPM), which operates on a revolving fund, found that investigative requests
steadily decreased after it instituted industrial funding. Similar decreases
in clearance requests would likely occur with the adoption of an industrial
funding mechanism throughout the DoD and the Intelligence Community (to
include industry). Fee schedules could be developed that would allow agencies
and organizations requesting clearances to trade off the advantages of
expedited processing against higher costs. The Commission recognizes that
converting to a new funding strategy cannot be accomplished overnight.
However, we believe that it is time to begin purposefully moving towards this
new strategy.


The Commission recommends that fee-for-service mechanisms be
instituted to fund clearance requests within the DoD and the
Intelligence Community.


Prescreening and Fairness

Prescreening is the process of assessing the likelihood that individuals
will be cleared before they are formally submitted for a clearance. It
generally involves the completion of a personal history statement or security
questionnaire and/or interviews with the subject or supervisors. Prescreening
saves a considerable amount of time and money by insuring that only those
individuals with a reasonable chance of obtaining a clearance are submitted
for processing. All agencies in the DoD and the Intelligence Community
prescreen applicants to some degree. For example, in the DoD, prescreening is
conducted at military enlistment centers and on all persons considered for
SCI access. The effectiveness of this program is evident in the very low
clearance denial rates for these individuals.

The Commission learned that substantial problems may develop if
government organizations ask private firms to prescreen their own employees
for a security clearance. Such firms are concerned about legal liability if
they conduct prescreening as agents of the government. Contractors may
interpret the relevant security standards differently and are not able to
waive the standards as do government organizations. Consequently, qualified
individuals may needlessly be denied an assignment or even employment.
Further, if the contractor performs the prescreening of its own employees
instead of the government, those eliminated have no appeal rights.

Furthermore, suggestions have been made that some firms use the clearance
process to weed out employees that they consider unsuitable. For example,
government investigators conducting background checks sometimes find that the
subject's managers and supervisors will not recommend the subject for
clearance. In other cases, investigators discover that the individual whose
name was submitted for clearance is not scheduled to work on a classified
contract. In these instances the clearance denial can afford the contractor a
convenient explanation for terminating the individual's employment. The
Commission believes that it is the obligation of the contractor to nominate
individuals who enjoy the full support of management within the firm.


The Commission recommends that formal prescreening of contractor
personnel be solely performed by the government or an independent
company hired by the government specifically for that
purpose, not by the company that employs the personnel.


While most prescreening programs appear effective in weeding out problem
cases, some special access programs have prescreened individuals without
their knowledge or consent. While this practice is not widespread, it may
result in adverse employment consequences and deprive the person of knowing
the rationale for the employment consequences or having the right to
appeal. The Commission believes that unconsented prescreening should not
be conducted unless warranted by extraordinary circumstances, such as cover
or counterintelligence operations.


The Commission recommends that within the DoD and the Intelligence
Community, individuals (including employees of contractors)
considered for a contractual or employment related security clearance
or access may be formally prescreened only with their full
knowledge and consent, unless conducted pursuant to procedures
approved by the security executive committee.


Forms  and  Automation-Ending  the  Paper  Trail 

The Commission found that there are literally hundreds of different
forms designed to establish clearance and access eligibility. For example,
there are over 45 different prescreening forms in use throughout the
government and industry, all of which request essentially the same
information. Individuals must often complete several such forms to obtain
access to different programs, resulting in delays and ultimately in increased
costs.

A number of forms and personnel security questionnaires are used to
apply for security clearances. None are accepted laterally. Currently the
Office of Management and Budget (OMB) supports the establishment of a single
form for all positions in government that require a clearance or are
otherwise designated as sensitive. The NISP has developed such a standard
form to replace all other personnel security questionnaires, but it has not
yet been adopted. Until a standard government form is adopted, the Secretary
of Defense and the Director of Central Intelligence should require that all
investigative agencies within the DoD and the Intelligence Community
reciprocally accept the government approved personnel security
questionnaires of other agencies.


The  Commission  recommends  that 

a)  The  personnel  security  questionnaire  devised  by  the  NISP  be 
adopted  for  use  throughout  the  Department  of  Defense  and  the 
Intelligence  Community. 

b) A standard prescreening form be developed for use throughout
the Department of Defense and the Intelligence Community.




The Commission supports the development of standardized forms in an
electronic format as a way to facilitate reciprocity and reduce costs.
Currently, most clearance request forms and questionnaires are paper-based.
Accordingly, handling times add weeks to the process of conducting background
investigations. Moreover, as many as 30 percent of these questionnaires are
rejected due to missing or incomplete data, adding as much as three months
to the clearance process and thereby driving up costs. Significant savings
will be realized when personnel security questionnaires are developed in an
interactive, electronic format that guides the completion of each response
and ensures that only fully completed forms are submitted. The Commission
believes that automation is crucial to improving efficiency and
responsiveness throughout the clearance process. Examples of ongoing and
needed initiatives include:

• The CIA and the OPM have issued laptop computers to field investigators
so that field reports can be submitted electronically rather than dictated
and typed at separate locations.

• Some agencies are exploring the use of computer administered security
interviews as a way to gather information from subjects in a more cost
effective manner. Computer administered interviews cost as little as $20 to
$30 per interview, versus up to $200 for a subject interview.

• Military members frequently arrive at assignments without the
required security clearance, driving up costs as they await clearances to
perform duties. One adjudicative organization has proposed that linkages be
developed among investigative indices, adjudicative data bases, and
personnel data bases, forming an electronic data interchange that would
ensure almost all military members arrive at their next assignment with
clearance in hand.


The Commission recommends that the Secretary of Defense and the
Director of Central Intelligence invest in automation to increase
timeliness, reduce cost, and improve the efficiency of the entire
personnel security program.

INVESTIGATIONS-ASSESSING TRUSTWORTHINESS

In 1993, the DoD accounted for the majority of cleared personnel in the
Federal Government: about 60 percent of the over 800,000 individuals cleared
to the Top Secret and SCI levels; 97 percent of the 2.24 million individuals
cleared to the Secret level; and 99 percent of the 151,000 cleared to the
Confidential level. With such a large number of cleared personnel, any attempt to
increase investigative requirements for the DoD will result in substantial cost
increases.

Currently,  Federal  agencies  conduct  more  than  15  types  of  investigations. 
However,  the  majority  fall  into  the  following  three  categories: 

• The National Agency Check (NAC) or Entrance National Agency
Check (ENTNAC), which involves records checks of national law enforcement
and government agencies.

• The National Agency Check with Inquiries (NACI), which includes the
records checks described above plus written inquiries to local law enforcement
agencies, former employers and supervisors, listed references, and
schools attended in the previous five years.

• The Single Scope Background Investigation (SSBI), which is a full field
investigation with a scope of 10 years that includes the checks described
above plus credit checks, subject, reference, and neighborhood interviews, as
well as verification of birth, citizenship, education and employment.

Investigative Requirements-Streamlining the Process

In  1991,  National  Security  Directive  63  established  the  SSBI  as  the  single 
investigative  requirement  for  access  to  Top  Secret  and  Sensitive  Compartment 
Information throughout the Federal Government. A 10-year scope was
adopted as a compromise between the 15-year scope of the special background
investigation and the five-year scope of the background investigation.
While  not  required  by  DCID  1/14,  certain  agencies  and  programs  augment 
SSBIs  with  some  form  of  screening  polygraph. 

NSD 63 ordered that SSBIs would not be duplicated and would transfer
between agencies. However, some agencies, citing variability in investigative
quality, take advantage of a loophole in NSD 63 to "upscope" investigations
conducted by other organizations. The variability in the quality of
investigations stems from differences in use of telephone interviews (considered a
substandard practice by many), number of sources contacted and number and
diversity of developed leads pursued. Some agencies report results in full,
detailed narratives while others use summaries. These inconsistencies serve
as an obstacle to reciprocity and add to processing delays.

The Commission believes that the SSBI is a reasonable investigative
requirement for access to specially protected information under the new
classification system. However, it can be made more efficient by refining the scope
and eliminating unproductive leads that are expensive and costly to develop.
A 1991 study by the DCI's Personnel Security Working Group (PSWG)
determined that 90 percent of adjudicative issues are developed within a seven
year scope. Moreover, the Commission learned from the investigative
community that requiring investigators to interview neighborhood sources at
every residence and to conduct education and birth record checks in person is
costly, time consuming and rarely elicits significant adjudicative information.
They suggest that refining the SSBI to address these concerns will drive down
costs without affecting the quality of the investigation. For example, subjects
could be required to provide verification of birth and education rather than
using investigative time to pursue these leads.

Currently, there is no common investigative requirement for Secret or
Confidential access in the Federal Government. Military enlisted personnel,
and officers, upon entry into the military, receive some variant of a NAC that
serves as the basis for granting Secret and Confidential clearances. This is the
lowest investigative requirement in government. Federal civilian employees
are granted Secret and Confidential access on the basis of a NACI or a limited
background investigation.

As the Commission proposes to downgrade a significant amount of
information from higher to lower levels of protection, we are concerned by
Intelligence Community representatives who have stated that they will oppose
downgrading information if the only investigative requirement for generally
protected access is a NAC. They do not believe that the NAC provides an
adequate assessment of trustworthiness or reliability. The Commission concurs
and believes that the only way to move more information out of
compartments, thereby increasing its availability to customers, is to increase the
investigative requirement for access to classified information that is generally
protected.

The Commission found substantial support in the Defense and
Intelligence Communities for increasing the Secret clearance requirement to a NACI
plus credit check. The Stilwell Commission and the NISP made similar
recommendations. While this initiative will increase the cost of each investigation
by 50 percent (from $48 to $72), offsets will be realized through an overall
reduction in the number of individuals who undergo full field investigations
and reinvestigations and operational economies derived through greater
availability of needed classified information to the customer community.


The  Commission  recommends: 

a) The investigative standard for a Secret Compartmented Access
clearance be an SSBI with a scope of seven years. Moreover,
investigators should not be required to conduct education and birth record
checks in person or neighborhood checks other than the most recent
residence of six months or more.

b) The investigative standard for a Secret clearance be a NACI
plus credit check, with expansion as appropriate to follow up only
on issues likely to result in adverse adjudication.


Continuing  Evaluation — Reinvestigations  and  Safety  Nets 

The personnel security program continually assesses the integrity and
trustworthiness of the cleared work force through periodic reinvestigations.
US espionage cases over the last 20 years have shown that most damage to
national security is caused by already cleared personnel, those insiders who
volunteer to sell or give classified information to foreign governments. Very
few applicants intend to commit espionage at the time they seek employment.
Currently, individuals cleared to the Top Secret or SCI levels are
reinvestigated every five years, and some agencies or programs may require a
screening polygraph. Those cleared to the Secret or Confidential levels are
reinvestigated every 10 years, although the DoD, with over 2 million cleared
personnel, is only current to 15 years.

The Commission believes that current reinvestigation policies should be
refined to increase efficiency. For example, an aperiodic reinvestigation
interval would offer a greater deterrent effect and provide agencies with more
flexibility to focus resources on priority investigations. Adjudicative facilities also
have indicated that, based on revocation experience, a seven year
reinvestigation interval for a Secret Compartmented Access clearance and a 10-year
interval for a Secret clearance are the most efficient.


The  Commission  recommends  that: 

a) The reinvestigation standard for a Secret Compartmented
Access clearance be an SSBI. Reinvestigations will be conducted on
an aperiodic basis, but not less than once every seven years.

b) The reinvestigation standard for a Secret clearance be a NAC,
local agency check and a credit check. Reinvestigations will be
conducted on an aperiodic basis, but not less than once every 10 years.


While reinvestigation provides an important way to monitor the integrity
of the work force, safety nets are also needed to ensure that personnel do not
become counterintelligence risks after they obtain a clearance. Studies have
shown that many American spies in the 1980s turned to espionage as a way to
resolve personal problems or crises. Some were disgruntled workers who
wanted to strike out at the system for perceived injustices, some were faced
with pressing financial problems, others were struggling with conflict-ridden
family situations and still others had alcohol or drug abuse difficulties. Many
saw espionage as the only way to resolve their problems. They volunteered to
sell or give classified information to foreign governments after convincing
themselves that they could spy safely and not be detected.

While only a very small percentage of employees with personal problems
become involved in espionage or other serious security transgression, the
damage that can be caused by even one person with sensitive access serves to
illustrate the value of programs that help employees resolve personal
problems. A few convicted spies have stated that at the time they began spying
they were emotionally distraught and in need of counseling. Employee
assistance programs provide short-term counseling and referral services for a
variety of problems, including financial, family, vocational, emotional, and
substance abuse. Recognizing the value of these programs in increasing
worker productivity, many private corporations and some government
agencies have established Employee Assistance Programs or contract out for these
services. National security organizations have an even greater stake in
insuring that such services are available to their employees.


The Commission commends those agencies that have established
Employee Assistance Programs and recommends that all agencies in
the Defense and Intelligence Communities ensure that similar
programs or contractual services are available to employees,
particularly those with access to specially protected information.




Clearance  Processing-Time  Is  Money 

Delays in the investigative and adjudicative process contribute directly to
customer and government costs. As far back as 1981, the General Accounting
Office (GAO) reported to Congress that nearly a billion dollars was wasted
annually because of investigative backlogs at the Defense Investigative
Service. The GAO recommended solving this "$980 million problem" by
increasing appropriations for the DIS by $12.5 million.

The Commission found that there is no performance standard for
timeliness in completing investigations and adjudications. The Commission
repeatedly heard from the customer community that 90 days is an appropriate
standard for completion of the average investigation and adjudication (65
days for the investigation). However, the DIS, which has contended with
declining resources, completes SSBIs in an average of 149 days (including
about 40 days for conducting overseas leads) and does not charge a fee. The
OPM completes SSBIs in 35, 75 or 120 days, and charges a variable fee. A
major SAP uses a private firm that completes investigations in an average of
34 days but, if directed, terminates some cases when significant adverse
information is developed. While private firms cannot handle a substantial volume
at this time, contracting out investigations in special circumstances, such as
priority cases, may enhance competitiveness and further lower cost by
preventing the development of backlogs and delays.

The Commission found that several adjudicative organizations were
quite timely in their processing. Others, however, required as much or more
time to complete the adjudication than was expended on the investigation.
Processing and appellate review of individuals facing a possible loss or denial
of a clearance also range in processing time from 120 days at one organization
to two years for organizations that offer an evidentiary hearing. The
Commission believes these areas are particularly amenable to cost savings through
process improvement.

The cost directly attributable to delays in the investigative process in FY
1994 could be as high as several billion dollars (assuming that the DoD incurs
an average cost of $250 per day beyond the 90-day standard for each worker
who is unable to perform his/her duties while awaiting a security clearance).
In addition, the DIS is scheduled to take further cuts through FY 1999 that will
substantially increase average investigation completion times, resulting in
additional billions of dollars in lost productivity as workers are assigned
other suboptimal duties while awaiting clearances.

Delays in the clearance process also contribute to increased costs for
industry. In today's difficult contracting environment, many firms that do not
hold classified contracts on a continuing basis are handicapped in pursuing
new contracts because clearance eligibility lapses on key personnel. A six- to
nine-month delay can result while contractors await clearance revalidation.
Should the contract involve state-of-the-art battlefield technology, this loss in
time could equate to a loss of life for our forces. Waiting time for personnel
involved plus delay in contract deliveries amounts to a significant cost to the
American taxpayer.

A private firm with government contracts reported that it has 57 employees
in the Washington, DC area who have been waiting six to nine months for
clearances at a cost to the company, and ultimately the government, of
approximately $2.6 million.


The  Commission  recommends  that: 

a) All investigative, adjudicative, and appellate organizations
begin an orchestrated process improvement program with the goal
of continuing to ensure fairness and quality while vastly improving
timeliness.

b) Standard measurable objectives be established to assess the
timeliness and quality of investigations, adjudications, and
administrative process and appeals performed by all such organizations
within the DoD and the Intelligence Community.

c) As long as an individual has been investigated within the last
10 years, interim clearance at the previously maintained level may
be granted based upon a favorable review of a personnel security
questionnaire.

d) Standard interim access procedures be established throughout
the community for those not previously cleared to the generally
protected and specially protected levels.




ADJUDICATION 

Adjudicative  Standards  and  Criteria 

Adjudication  is  the  process  of  determining  whether  an  individual  meets 
established  criteria  for  access  to  classified  information.  Once  a  background 
investigation  has  been  completed,  the  entire  investigative  packet,  including 
records of any prior investigations, is forwarded to an adjudicative center.
An  adjudicator  determines  whether  problem  behaviors  are  present,  and,  if  so, 
whether  the  behavior  is  severe  enough  to  warrant  a  denial  or  revocation  of  a 
security  clearance.  Factors  that  enter  into  the  decision  include  the  seriousness, 
recency,  frequency,  and  motivation  of  the  behavior  as  well  as  any  mitigating 
factors. 

The Commission reviewed the adjudicative criteria used in the DoD and
the Intelligence Community, visited adjudicative and appellate operations,
met with senior officials regarding their adjudicative philosophy and sought
the basis for a number of adverse adjudications occurring in the past 5 years
that have resulted in public controversy. The Commission notes that virtually
all of the adverse adjudications that have resulted in recent public or
congressional outcry appear to have occurred in either special access or special
intelligence programs at a time when very limited procedural safeguards were
made available to personnel working within such programs. In October 1993
the last of these programs instituted procedural safeguards for those who face
denial or revocation of their special access. Those safeguards, discussed below
(see pp. 55-65), should provide much better protection, but the Commission
remains concerned about the lack of reciprocity of adjudications. Efforts are
underway to establish standard adjudicative criteria for the entire community
and these must be brought to fruition.

The  Commission  also  believes  that  the  security  executive  committee 
should,  as  a  first  priority,  develop  a  single  governmentwide  standard  for 
granting  security  clearances  for  both  Secret  and  Secret  Compartmented 
Access.  This  common  standard  should  eliminate  the  lack  of  reciprocity  among 
government  agencies  and  between  the  government  and  contractors. 

The process of developing common standards should also address
concerns that have been expressed by civil liberties groups and others as to
whether the criteria strike the right balance between the government's need
for security and the rights of the individual. The Commission is pleased to
observe that such issues as sexual orientation no longer are per se bars to
clearance or access. In this regard, the Commission notes that the Attorney General
recently issued a statement on nondiscrimination in employment within the
Department of Justice and the FBI issued investigative guidelines and security
clearance adjudication guidelines. The Commission has not had an
opportunity to consider these guidelines in depth, but believes that the principles
expressed in these guidelines could be the basis for governmentwide
standards.

There  are  two  sets  of  adjudicative  criteria  in  the  DoD  and  the  Intelligence 
Community.  A  Director  of  Central  Intelligence  Directive  (DCID)  contains  the 
adjudicative  criteria  for  SCI  determinations.  While  SAPs  do  not  usually 
require  access  to  SCI,  they  may  require  that  personnel  meet  at  least  the  DCID 
criteria. A DoD regulation contains the adjudicative criteria for Confidential,
Secret, and Top Secret for the military.

The NISP has developed a set of adjudicative standards that merges Top
Secret and SCI requirements. These standards could be used in granting
Secret-Compartmented Access clearances. Parallel standards should be
established for Secret clearances.

Implementation of standards for adjudicating background investigations
can eliminate multiple readjudications. For example, the Commission found
that the Defense Industrial Security Program sometimes grants clearances on
the basis of precedent or case law amassed through years of appeal hearings.
In some cases, adjudicative decisions appear to deviate substantially from
adjudicative norms followed by other organizations in the DoD. As a result of
a few decisions, various special access programs and Federal agencies have
developed a wholesale distrust of the industrial clearance process, leading
them to readjudicate industrial security clearances. The establishment and
enforcement of a single adjudicative standard would eliminate the need for
costly readjudications.

Savings would also be realized within departments and agencies that
have suitability requirements not related to security which they apply in
processing candidates for employment. Such assessments could be accomplished
in less time and at less cost if the requirement to also readjudicate
security-relevant information is eliminated.


The  Commission  recommends  that  the  Secretary  of  Defense  and  the 
Director  of  Central  Intelligence  develop  and  adopt  a  common  set  of 
adjudicative  criteria  for  access  to  generally  protected  and  specially 
protected  information. 


DoD  Adjudicative  Facilities 


The DoD currently has 18 separate adjudicative organizations but is in
the process of consolidating them into eight facilities. Staffing of the various
adjudicative centers varies widely (one center will have a staff of one) and
most are neither timely in their actions nor responsive to their customers.
Virtually all face significant budget reductions despite the fact that several are
already substantially understaffed and underequipped. Few adjudicative
organizations have strategic plans for integrating their information with the
customer base or employing automation to manage the process.

The DoD community would benefit substantially from consolidating its
adjudicative operations. By building on the most successful adjudicative
processes and automation models, consolidation would improve the efficiency,
effectiveness, and consistency of the adjudicative system. Research by
PERSEREC has clearly demonstrated that larger adjudicative facilities tend to be
more efficient. The direct savings of having a single adjudicative facility in the
DoD pale in comparison to the savings to be realized through increasing the
timeliness and customer responsiveness of personnel security programs.

The Commission believes that the NSA should be excluded from the
consolidation of adjudications in the DoD. At the NSA, the clearance process is
inextricably linked to the hiring process much as it is for the CIA. The
Commission believes that it could be counterproductive to integrate such
employment-related adjudications into the central adjudication facility.


The Commission recommends that all DoD adjudicative entities,
except the NSA, be merged into one organization reporting to the
appropriate Under Secretary or Assistant Secretary of Defense.




Reciprocity 

The  Commission  examined  the  practice  of  numerous  program  managers, 
particularly  those  within  SAPs,  exercising  their  option  to  readjudicate  already 
cleared  individuals.  This  adjudication  is  ostensibly  for  "access"  authorization 
and  not  for  clearance,  but  the  process  is  virtually  the  same  and  may  be 
repeated  over  and  over  again  depending  on  the  number  of  programs 
involved. 


Recently, 149 engineers at a major defense contractor were all cleared for
SCI to work on an existing contract. After the contract was completed,
these same engineers were badly needed for another SCI contract in the
same facility and complex. However, it took months for the engineers to be
re-adjudicated and approved for the second SCI program.

The Commission is not convinced that such readjudications provide
additional security benefits and is concerned about the significant costs
resulting from the delays that such readjudications impose upon the system. The
Commission believes that if SAP and other special program managers truly
have personnel security requirements that are not being addressed in the
clearance process, they should take action to insure their requirements
become incorporated into current and future adjudicative standards. Beyond
that, validation of an existing clearance should be all that is required to give
an individual access to information once it has been determined that the
individual has a need to know the information.


The  Commission  recommends  that: 

a) Any individual who has an existing clearance not be
readjudicated.

b) Program managers be limited to the following prerogatives
when making access determinations:

1)  Verifying  that  the  individual  has  the  requisite  clearance. 

2)  Verifying  that  the  individual  has  a  need  to  know  the  classified 
information. 


Virtually all agencies employ risk management to grant exceptions to the
adjudicative standards for high risk/high gain individuals. This takes into
account operational needs, unusual expertise, or other factors. However, few
record these exceptions in shared information systems. Any conditional
clearance or waiver of normal adjudicative criteria should be readily identifiable to
other organizations that may subsequently employ the individual. This will
be facilitated by implementation of central clearance verification as
recommended below.


The Commission recommends that agencies identify conditional
clearances or waivers through use of the standard codes in a new
central data base.


PROCEDURAL  SAFEGUARDS 

In this section of its report, the Commission will deal with certain
procedural protections and administrative remedies that may or may not be
available when security clearances are denied or revoked.

In order to give its considerations some focus and manageable limits, the
Commission has elected to deal only with those questions to which its
particular attention was called by the Conference Report that accompanied the
Defense Authorization Act For 1994. Section 1183 of that Act directed the
Secretary of Defense to "conduct a review of the procedural safeguards available
to Department of Defense civilian employees who are facing denial or
revocation of security clearances," and further directed that this review, the results of
which are to be reported to the Congress by not later than March 1, 1994,
should specifically consider the following:

(A) "Whether the procedural rights provided to Department of Defense
civilian employees should be enhanced to include the procedural rights
available to Department of Defense contractor employees."

(B) "Whether the procedural rights provided to Department of Defense
civilian employees should be enhanced to include the procedural rights
available to similarly situated employees in those government agencies that
provide greater rights than the Department of Defense."

(C) "Whether there should be a difference between the rights provided to
both Department of Defense civilian and contractor employees with respect to
security clearances and the rights provided with respect to sensitive
compartmented information and special access programs."

These questions were further elaborated by the Conference Report, as
follows:


The conferees direct the Secretary to ensure that the review
specifically address each of the following procedural safeguards in the
context of the denial or revocation of security clearances with respect
to civilian employees of the Department of Defense: (1) notice of the
reasons for the proposed denial or revocation; (2) an opportunity to
respond; (3) the right to a hearing or other appearance before a
tribunal; (4) the right to be represented by counsel; (5) the availability of
trial-type procedures, such as the opportunity to present and
cross-examine witnesses; and (6) the opportunity to appeal any final
decision. If the Secretary determines that DoD civilian employees should
not be provided with procedural rights that are as protective as those
afforded to DoD contractor employees with respect to any of the
foregoing matters, the Secretary's rationale for each such difference
should be set forth in the report.

The  Conference  Report  then  added  this  comment: 

The conferees note that the subject of security clearances within the
Department of Defense is undergoing detailed review by the Joint Security
Commission established by the Secretary of Defense and the Director of Central
Intelligence, which is scheduled to complete its work by February 1, 1994. The
conferees agree that the Secretary should obtain the views of the Commission on
the issues set forth in the conference agreement, but note that the final
responsibility for addressing these issues and issuing any implementing
regulations rests with the Secretary.

The Commission has adopted this comment as its framework. Because both the
broader questions posed by the Act, and the more exact questions posed by the
Conference Report, take as their baseline the procedural safeguards available
to DoD contractor employees, some preliminary discussion is necessary in order
to understand that baseline. It is also necessary to understand how the
procedures and remedies that lie along that baseline compare with the
safeguards that are available to civilian DoD employees, and with the different
safeguards that apply when special access approvals are denied or revoked on
security grounds other than need-to-know grounds.




DoD  Contractor  Personnel 

Background investigations relating to DoD contractor personnel are conducted by
the Defense Investigative Service. If an investigation develops information
that must be adjudicated in order to determine if a security clearance should
be denied or revoked, the case is referred to the Directorate for Industrial
Security Clearance Review (DISCR), which conducts the adjudicative process, as
it also does in cases involving contractor personnel doing classified work for
some 20 other government agencies or organizations, not however including the
CIA, or the NSA. The adjudicative process is authorized and directed by
EO 10865 (1960), as amended by EO 10909 (1961), and an implementing regulation,
DoD Directive 5220.6. The Director of DISCR reports to the Deputy General
Counsel of the DoD.

Thousands of cases are referred to the DISCR each year. If in any case the
DISCR is able to make the requisite finding of clear consistency with the
national interest, based on the criteria set forth in Directive 5220.6, that
finding resolves the case and the clearance is granted. Otherwise the DISCR
prepares a Statement of Reasons which resembles a civil complaint and must
state in detail (so far as national security considerations permit) the reasons
why it may not be clearly consistent with the national interest to grant or
continue a clearance. The Statement of Reasons must be provided to any person
to whom it relates. Such persons also are informed that they are obliged to
answer every allegation in the Statement of Reasons within 20 days, that they
have a right to a hearing before an Administrative Judge, that the government
will be represented by counsel at that hearing, and that they may also be
represented by an attorney of their own choice and at their own expense. There
is no provision for the assignment of defense counsel at public expense.

If the hearing right is exercised, there is some opportunity for discovery,
essentially limited to proposed exhibits and non-privileged documents in the
control of the DISCR. Testimony at the hearing is taken under an admonition by
the Administrative Judge that the Federal false statement statute, which
carries criminal penalties, is applicable to that testimony. Witnesses are
subject to cross-examination, except that under some circumstances, again for
reasons of national security, the right of cross-examination may be curtailed
or denied. Although witnesses may be requested to appear or instructed by their
agencies or employers to appear, and are paid per diem and travel expenses if
they do so, neither government counsel nor the defense has the power to compel
the attendance of witnesses by subpoena. The government has an initial burden
to show that the allegations in the Statement of Reasons have some substantial
support, but the ultimate burden -- on the issue of clear consistency with the
national interest -- falls on the other side. Defense evidence may be submitted
not only in rebuttal, but also in mitigation or extenuation. The Federal Rules
of Evidence are used as a guide. The Administrative Judge renders a written
decision, which may be appealed by the losing party to a three-member Appeal
Board, which reviews the record and rules on alleged errors. The Administrative
Judge and the members of the Appeal Board are attorneys and are part of the
DISCR organization.

If no hearing is requested, the case is decided by an Administrative Judge on
the written record, including the Statement of Reasons, documents that provide
the basis for the allegations in the Statement of Reasons, any answer or
objections to the Statement of Reasons, and any other material submitted in
rebuttal, mitigation or extenuation. Decisions made on such a record are also
reviewable by the Appeal Board.

DoD  Civilian  Personnel 

The procedural safeguards and administrative remedies available to DoD civilian
personnel, and to military personnel as well, are prescribed by another DoD
regulation, namely 5200.2-R. This regulation provides that no final adverse
action can be taken, in any matter involving a personnel security
determination, unless the person concerned has been given: (1) a written
statement of the reasons for the proposed action, as specific and detailed as
Privacy Act and national security considerations permit; (2) an opportunity to
respond in writing to that statement, to whatever authority the head of that
person's component within the DoD may designate; (3) a written decision by an
identified official, within 60 or at most 90 days thereafter, again stating
reasons as specific as Privacy Act and national security considerations permit;
and (4) an opportunity to appeal to a higher authority designated by the
person's component within the DoD.

The opportunity to submit a written response, although the regulation is not
explicit on the point, implicitly includes the chance to submit any materials
in support of such a response, whether in order to rebut the factual
allegations or to explain any mitigating or extenuating circumstances.
Likewise, although the regulation does not explicitly refer to representation
by counsel, as a practical matter any person desiring to retain counsel at his
or her own expense could hardly be prevented from doing so.

The  regulation  also  reserves  to  the  Secretary  of  Defense  the  authority  to 
bypass  the  prescribed  procedures  and  to  find  that  a  person  is  ineligible  for  a 
clearance,  if  national  security  interests  so  require.  That  authority  may  not  be 
delegated  by  the  Secretary,  and  so  far  as  the  Commission  knows,  it  has  never 
been  invoked.  A  similar  proviso  is  contained  in  the  directive  applicable  to 
contractor  personnel,  but  again  as  far  as  the  Commission  knows,  it  too  has 
never  been  invoked. 

The  regulation,  in  an  appendix,  sets  forth  the  same  adjudicative  criteria  as 
the  directive  applicable  to  DoD  contractor  personnel. 

Differences  and  Comparative  Advantages 

It is not the role of the Commission to attempt to pass judgment on the legal
sufficiency of any of these procedural safeguards or remedies. If any of them
is legally defective, either on its face or as it might be applied in any
particular case, an appropriate plaintiff will presumably come forward and any
claims will then be duly determined by the courts, with the benefit of
adversary briefs and on the basis of a properly developed factual record.


There are, however, policy issues raised by the differences between the sets of
safeguards available to DoD contractor employees on the one hand and DoD
civilian employees on the other. As the Commission sees it, the most
fundamental differences are the following: contractor personnel have the
assurance that they will have a chance to review all documents on which a
decision is based, whereas civilian employees, although in practice they may be
provided with such materials, appear to have no such assurance; contractor
personnel, unlike civilian personnel, have a right to a trial-type hearing, at
which the government has an initial burden of showing that its allegations have
some substantial support, at which witnesses testify subject to
cross-examination, and at which the Federal Rules of Evidence are used in at
least a guideline sense; and more generally, the cases involving contractor
personnel, assuming the hearing right is exercised, are handled in a more
formal manner, akin to judicial proceedings, with the government's side
represented by a qualified trial attorney and with the final decision in the
hands of an Administrative Judge who is also an attorney, and a three-member
Appeal Board also composed of attorneys.

It is the premise of the questions posed in the Conference Report to which we
have already alluded, and it is also the position of the American Bar
Association, which has been outspoken on the matter, that the procedural
safeguards available to DoD contractor personnel are superior to the safeguards
to which DoD civilian personnel are entitled. However, it is not at all
self-evident that this is so.

To begin with, as nearly as the Commission can tell, the right of a contractor
employee to demand a trial-type hearing before an Administrative Judge is made
absolute by the applicable directive, whether or not there are any factual
disputes that need to be resolved. Not even civil litigants operating under the
Federal Rules of Civil Procedure have as broad a right. On the contrary, those
rules effectively foreclose any opportunity for a trial in any case in which
the material facts are undisputed, and the only genuine issues concern the
significance of those facts. In addition, contractor employees are evidently
free to demand a trial-type hearing not only in circumstances where they do not
contest the government's allegations and do not have any rebuttal evidence, but
also where they desire only to present some information that may be extenuating
or mitigating. Even assuming that such a broad hearing right may be superior
from an employee's standpoint, and may be available in other contexts involving
for example the denial or revocation of professional licenses, that does not
mean that such a right is required in the name of fundamental fairness, or that
it should become the universal standard in connection with decisions that are
as highly discretionary and judgmental as clearance decisions.

Second, while it is true that contractor employees have the right to be
represented by counsel at their own expense, that right is empty for those who
cannot afford that expense or obtain pro bono representation. Such persons are
left with the prospect of facing an experienced trial attorney alone and
without representation. Civilian employees may also go unrepresented, but they
are not caught up in a system in which there is an experienced trial attorney
on the government side. Further, even where contractor employees are able to
avail themselves of the right to counsel, that may be only because their
employers agree to bear the expense, which is not a possibility in cases
involving civilian DoD employees. In our estimation, although we haven't seen
any evidence on the point, there is a somewhat lower chance that an employee
union might come forward to pick up the expense of such employees.

Third, in contractor employee cases, the employee's right of appeal from an
adverse decision is confined by strict scope-of-review limits. The Appeal Board
may not consider any evidence not considered by the Administrative Judge. Nor
is the Appeal Board free to reverse a decision except on grounds that it was
arbitrary, capricious, or contrary to law, or that the factual findings were
unreasonable, or that procedural error was committed. These same constraints do
not exist in civilian employee cases. The appeal authorities in those cases can
take an entirely fresh look and make what they believe to be the appropriate
decision, without regard for the lower-level decision, which is apt to be far
less detailed than a decision of an Administrative Judge in the DISCR process.
Further, while either losing party, which may be the government, can appeal the
decision of an Administrative Judge, in civilian employee cases there does not
appear to be any provision for appeals of decisions that are favorable to the
employee.

Fourth, the system of adjudicating contractor employee cases has a rigidity
that can work against the employee. No allowance is made in that system for the
value that such employees may bring to the classified work being performed by
their employers. No matter how high that value, it does not figure in the
adjudicative criteria, and it is therefore ignored. The civilian employee
system, however, is flexible enough to take account of that value. In that
system, either at the lower level or the appeal stage, decisions can be
influenced by arguments that the employee is a big contributor, that any
security risk is manageable, and therefore that the risk should be taken. There
is also a good chance that supervisors within an employee's component will
actually come forward to champion such arguments or to make other arguments on
the employee's behalf.

We do not say any of this to denigrate in any way the DISCR process. Rather we
make these points only to show that the policy debate is not one-sided, and
because it is very unclear to us whether, given a choice between the DISCR
process and the existing arrangements, civilian DoD employees would opt for the
former. It is even more unclear to us that military personnel, who have an
understandable confidence in their own chain of command, would opt for the
DISCR process.

We come now to the specific questions posed by the Conference Report, which
were directed to the Secretary of Defense but as to which the views of the
Commission were invited. These questions asked why, in each of six different
respects, "DoD civilian employees should not be provided with procedural rights
(in connection with the denial or revocation of a security clearance) that are
as protective as those provided to DoD contractor employees."




1. Notice of the reasons for the proposed denial or revocation. In this
respect, as the Commission understands, any difference between the rights
afforded to the two classes of employees is a matter of degree. The Statement
of Reasons that commences the DISCR process is apt to be a more detailed
statement than the notice provided to civilian employees. Without attempting to
draw any fine lines, the operative principle here should be that affected
employees are entitled to a statement that adequately informs them of the
factual basis of any proposed adverse action, and that identifies the
adjudicative criteria that are relevant under the circumstances.

2. An opportunity to respond. Here again the Commission believes that this
opportunity is already afforded to both classes of employees. In any event the
Commission believes that it should be.

3. The right to a hearing or other appearance before a tribunal. A hearing and
a trial-type hearing are not synonymous terms. Many forms of proceedings,
including some more informal than those now available to civilian DoD
employees, could accurately be described as hearings, even though they don't
have the characteristics typically associated with trials, such as live
testimony subject to cross-examination and precise rules governing the
admissibility of evidence. The real issue here is not whether there should be a
right to some sort of hearing, because civilian DoD employees already have that
right. The issue is whether the hearing rights of civilian employees and
contractor employees should be conformed, which is an issue we discuss in a
moment, under the caption "The availability of trial-type procedures."

So far as concerns the right to an "appearance before a tribunal," the
Commission understands that as matters stand today, civilian DoD employees
cannot demand, with any assurance that the demand will be granted, an
opportunity to appear personally before any designated adjudicative authority
that is considering whether to deny or revoke a clearance. The Commission
believes such an opportunity should exist.

4. The right to be represented by counsel. This right exists today, although it
is diluted by the fact that employees who retain counsel must do so at their
own expense, and the cost may be beyond the means of many employees. We note
again that contractor employees, particularly senior officials, may have an
important edge here, because for them, unlike civilian DoD employees, there is
at least a possibility that the employer may agree to bear the cost of any
legal representation. The Commission also believes that while the right to
counsel is secured to civilian employees in the sense that there is nothing to
stop them from consulting an attorney if they choose to do so, such employees
should be explicitly informed, as are contractor employees, that they have this
right.

5. The availability of trial-type procedures, such as the opportunity to
present and cross-examine witnesses. The availability of such procedures to DoD
contractor employees, and their unavailability to DoD civilian employees, is
the most dramatic difference between the two adjudicative systems. The hard
question posed by the Conference Report is whether such procedures should be
extended to the civilian employees.

The Commission recognizes that there may be complex legal issues that come into
play here, and that the nature of those issues may vary from one individual
case to another, depending for example on such circumstances as whether the
person affected is an initial applicant for a clearance or already holds a
clearance, whether the denial or loss of a clearance leads to the loss of a
job, and whether and if so how far and in what way the person's reputation may
be impaired or the person may otherwise be stigmatized by an adverse decision.
Again, however, any legal issues are for courts to determine, and are beyond
the purview of the Commission.

On balance, from solely a policy standpoint, the Commission does not favor the
idea of extending trial-type procedural protections to civilian DoD employees.

As already noted, the hearing rights currently granted to contractor employees
are broader and more absolute in important respects than even the hearing
rights available to civil litigants whose claims and defenses are adjudicated
in the Federal courts. No matter what interests such litigants may have at
stake, they are not entitled to a trial, and their claims or defenses may be
resolved against them on the basis of written submissions, unless they are able
to show that there is something to have a trial about -- namely, a material
factual dispute that needs to be resolved. Contractor employees faced with a
denial or loss of a clearance, however, are evidently entitled to a trial-type
hearing, on demand, without making such a showing.

The extension of such a broad hearing right to civilian employees could well
result in a great many trial-type hearings in cases involving only undisputed
facts. It would certainly have the result of putting a great many more
discretionary clearance decisions into the hands of judges. It would also
introduce new and significant delays into the system, because it is
unquestionably the fact that cases handled under the DISCR process, if
trial-type hearings are demanded, on the average take far longer to resolve
than cases adjudicated on a written record. Such delays are not merely a matter
of inconvenience. One practical effect is that persons who are applicants for
an initial clearance, and have been assigned to positions requiring a
clearance, cannot move into those positions so long as the clearance outcome
remains in doubt. Other difficulties arise if a person already holds a
clearance that is threatened with revocation. If that clearance is a job
requirement and is suspended pending the outcome of the revocation proceedings,
the person cannot perform the job in the meantime. If the clearance is not
suspended pending the outcome, a security risk must be taken in the meantime.
In all these circumstances there is a price to be paid, not just by the
employee but also by the government.

To be sure, there will always be cases that do involve serious factual
disputes, and in which the existence or non-existence of those facts and the
credibility of witnesses might be determined with more certainty if trial-type
procedures were employed. There may also be cases in which an experienced
Administrative Judge might be better able to apply the clearance criteria even
to undisputed facts than other adjudicators. These considerations, however, do
not persuade the Commission to alter its policy advice. Trial-type procedures
are at their most effective in promoting fairness and accuracy only when both
sides are equally represented. In the DISCR process only the government is sure
to be represented. The same would be true if the DISCR model was followed for
DoD civilian employees. The Commission is also influenced in its view by the
fact that such employees are less likely than contractor employees to lose
their jobs, or to incur serious damage to their careers, if a clearance is
denied or revoked. And the Commission is also influenced by its doubt that, if
given the choice, most civilian employees would prefer the DISCR process to the
system now in place.

At the same time, the Commission believes that the fairness of the system now
in place can and should be improved. In particular, the procedural protections
now available to DoD civilian employees should be expanded to include the same
explicit right to review any documents on which a proposed denial or revocation
of a clearance may be based, or which are germane to such a proposed action,
that is presently afforded to DoD contractor employees. This opportunity should
be afforded as early in the process as possible, so as to make it useful to the
employee in preparing an initial written response to the allegations set forth
in the statement of reasons that commences the process.

6. The opportunity to appeal any final decision. This right exists today.
Indeed in some ways, as already noted, the appeal available to civilian
employees may be a more valuable right than the appeal available to contractor
employees, because the latter is constrained by scope-of-review limits whereas
the former gives the employee a true "second bite at the apple." Nevertheless,
the Commission realizes that the appeal procedures vary from one DoD component
to another and believes that these procedures should be standardized and should
provide for review by appeal boards consisting of three members. In the
Commission's view these boards should have a diverse membership, including at
least one senior official in the employee's DoD component and, in the absence
of an attorney adviser to the board, one attorney. Part of the purpose here
would be to ensure a broad perspective, and a review that is not solely in the
hands of security officials.


The  Commission  recommends  that: 

a) The DISCR process, with its trial-type procedures, not be adopted as the
model for the adjudication of security clearance cases involving DoD civilian
employees.

b) All DoD civilian employees facing the possible denial or revocation of a
security clearance be explicitly informed that they have a right to counsel.

c) Any documents on which a proposed denial or revocation of a security
clearance is based, or which are germane to such a proposed action, be made
available for timely review by the affected DoD civilian employee, so far as
applicable privileges and national security considerations permit.

d) Any DoD civilian employee be given the opportunity to appear personally
before any adjudicative authority that is considering whether to deny a
clearance to such an employee, or to revoke a clearance held by such employee.

e) Any DoD civilian employee have a right to appeal any adverse clearance
decision to an appeal board consisting of three members, one of whom should be
a senior official in the employee's DoD component and another of whom, unless
the board has an attorney, should be an attorney.


Military  Personnel 

Even though issues relating to military personnel are outside the bounds of the
recent congressional inquiries that the Commission took as its framework, the
Commission has considered whether there is any good reason why DoD military
personnel should be treated any differently than DoD civilian personnel in
regard to the denial or revocation of security clearances. In the Commission's
view there is no such reason, and it is bolstered in that view by the fact that
the DoD regulation applicable to civilian personnel, 5200.2-R, is similarly
applicable to military personnel.


The  Commission  recommends  that,  so  far  as  concerns  the  denial  or 
revocation  of  security  clearances,  DoD  military  personnel  be 
afforded  all  the  same  rights  as  DoD  civilian  personnel. 


Special  Access  Approvals 


The  Commission  now  turns  its  attention  to  another  question  posed  by  the 
Congress  in  the  1994  Defense  Authorization  Act,  which  was  "whether  there 
should  be  a  difference  between  the  rights  provided  to  both  Department  of 
Defense  civilian  and  contractor  employees  with  respect  to  security  clearances 
and  the  rights  provided  with  respect  to  sensitive  compartmented  information 
and  special  access  programs." 

This question arises because DoD Directive 5220.6, which is the regulation
applicable to the denial or revocation of contractor employee clearances,
explicitly provides that it "does not apply to cases for access to sensitive
compartmented information or a special access program"; because DoD 5200.2-R,
which is the regulation applicable to the denial or revocation of civilian
employee clearances, may or may not be followed in connection with the denial
or revocation of access to a SAP; and because denials or revocations of access
to Sensitive Compartmented Information (SCI) are governed by DCID 1/14, issued
under the authority of the Director of Central Intelligence, which establishes
yet another set of procedures.

These different procedures owe their existence to the fact that special
access and SCI security determinations have historically involved the application
of more selective and stringent adjudicative criteria than clearance determinations.
If the Commission's basic classification system recommendations,
and its recommendation that there be a common set of adjudicative criteria,
are adopted, the rationale for these different procedures would disappear.
There would no longer be any separate special access determinations, except
on need-to-know grounds. The clearance decisions would then settle the matter
of eligibility for all purposes, either at the Secret level or at the Secret
Compartmented Access level. The denial or revocation of clearances in DoD
contractor personnel cases would be subject to the DISCR process, and the
Commission believes that DoD civilian employee cases should then be subject
to existing DoD procedures (the 5200.2-R procedures), as modified by the
Commission's recommendations in this section of its report.

If on the other hand the Commission's classification system and adjudicative
criteria recommendations are not adopted, with the result that SAP and
SCI access determinations continue to be based on separate and more
demanding requirements than clearance determinations, then further judgments
will need to be made about the procedural safeguards that should
apply to the denial and revocation of an access approval. In that event, the
Commission believes that the appropriate safeguards for both DoD civilian
and contractor employees are those prescribed by DoD 5200.2-R, again as
modified by the recommendations in this section of the report. The Commission
does not recommend that the denial or revocation of an access approval,
if such an approval remains distinct from a clearance decision, be made subject
to the DISCR process, even as to DoD contractor employees.


THE  POLYGRAPH 

The polygraph is a controversial investigative technique. While some
argue that the polygraph is the most effective information gathering procedure
available, others point to its lack of scientifically established validity, the
overreliance on passing polygraph examinations as a "guarantee" of trustworthiness,
and the belief that it is unacceptably intrusive and violates personal
privacy. The Commission was asked to undertake an objective review of
the Federal personnel security screening polygraph program to determine
how well it works, how it could be improved, and whether it should be continued.




Background 

The polygraph is a multichannel instrument that records changes in respiration,
cardiovascular activity, and skin resistance in response to questions.
According to polygraph theory, when a subject gives a false response to a relevant
question (questions of concern to security adjudicators), the physiological
reaction will be greater than the reaction to other questions (control or
irrelevant questions). However, contrary to popular belief, there is no physiological
response that is unique to deception. The reactions measured by the
polygraph can be caused by a variety of emotions. This fact underlies much of
the controversy surrounding the polygraph.

The polygraph process consists of a pretest interview, test phase, and
posttest interview. During the pretest interview the polygraph examiner tries
to establish rapport with the subject, reviews with the subject the background
history statement, familiarizes the subject with the polygraph instrument if
necessary, and then enters into a detailed explanation and discussion of the
exact questions that will be asked during the test phase of the exam. It is generally
not explained to the subject that there will be two or more different
types of questions asked during the examination. There are questions of primary
interest such as "Are you engaged in espionage?" or "Within the last 5
years have you used, possessed or sold any narcotics or dangerous drugs?"
These questions are also known as "relevant" questions. Also included are a
series of questions designed to assist the examiner in calibrating the subject's
responses to the relevant questions during the test phase. Depending upon
the polygraph technique used, such a question may be an irrelevant question
(Are you wearing shoes?) or some type of a control question (Have you ever
betrayed the trust of someone who depended on you?). The subject may or
may not be asked to lie in response to the control questions and at present,
most subjects are not told to lie. The examiner, who is a trained investigator
and usually highly skilled in interrogation, will encourage the subject to
"come clean" on each of the relevant questions while at the same time
attempting to restrict or minimize the subject's answers to the control questions.

Significant admissions to relevant issues are explored fully through interrogation.
Unimportant admissions are excluded by modifying the questions
with, "Except for what you have disclosed to me, have you ever . . . ?" This
process continues until the subject is able to answer all questions with a "yes"
or "no" and the examiner is convinced the subject will properly respond to all
types of questions posed during the exam, that is, a guilty subject will react to
the relevant questions while an innocent subject will react most significantly
to the control questions.

During the test phase the subject is attached to the polygraph instrument
and is limited to responding "yes" or "no" to the relevant and control questions
asked. The test phase is generally very short in duration. During the
posttest phase, the subject is given an opportunity to explain any reaction to
certain questions. Standard interrogation techniques are employed, but only
responses to relevant questions are explored with the subject. If the subject
offers an admission, the test is readministered with the question causing the
reaction changed to "Other than what you have told me, . . . ?" or a new set of
questions are asked that focus more narrowly upon the issue(s) in question.
This process continues until the subject no longer reacts to any of the (modified)
relevant questions, the subject terminates the interview, or the examiner
determines that additional testing may need to be conducted at a later time.

Establishing the proper examination setting is challenging for the examiner
and can be very stressful to both innocent and guilty subjects. Even innocent
subjects have to undergo an extremely unpleasant self-examination,
before a government investigator, regarding highly personal information,
while knowing that the whole proceeding is being recorded. Many Commissioners
were troubled by the wide latitude given to examiners and the possibilities
for abuse, especially where relevant and control questions are used to
elicit highly personal information of questionable relevancy to security
screening. While attempts can be made to minimize the discomfort level for
innocent subjects, such settings can and do result in anguish and in complaints
of abuse.




Applications  of  the  Polygraph 

The DoD and the Intelligence Community use the polygraph in the following
areas: specific issue investigations (criminal and security), personnel
security screening, and operations (vetting and validation of intelligence
sources). The Commission evaluated the use of the polygraph in personnel
security screening only. Specific issue investigations and operational uses of
polygraph were outside the scope of this review.

Two types of polygraph examinations are currently used in personnel
security screening: the counterintelligence-scope (CI-scope) polygraph and
the full-scope polygraph. The CI-scope polygraph focuses on espionage, sabotage,
terrorism, subversion, mishandling of classified information, and unauthorized
contacts with representatives of foreign governments. The full-scope
polygraph covers all of the CI-scope questions and a number of issues that
pertain to both security and suitability for employment (questions that have
been inaccurately labeled "lifestyle"). These questions may address any of the
following issues: criminal history, serious financial problems, use of illegal
drugs, excessive use of alcohol, falsification of information on the personal
history statement, and serious nervous or mental disorders. Questions about
sexual orientation are no longer asked during polygraphs. The entire polygraph
process (pretest, test and posttest) in the DoD and the Intelligence
Community is recorded (video and/or audio). The recording is justified on
quality control grounds, but it also raises concern because it creates a record
of extremely sensitive, personal information about the applicant.

Screening polygraphs, particularly the full-scope polygraphs, are more
controversial than specific issue polygraphs because they cover a wider range
of personal matters and are administered to individuals who are not suspected
of specific wrongdoing. Polygraph opponents argue that screening
polygraphs are intrusive dragnets for information and that individual privacy
interests outweigh the government's need for such wide-ranging searches.
Proponents contend that screening polygraphs are used only to seek information
that is relevant to trustworthiness and therefore to national security interests.
They point out that these same issues are addressed in personal history
statements, personal interviews, and background investigations and that the
basis for asking them derives from approved adjudicative criteria.

The CIA and the NSA are the only agencies that use full-scope polygraphs
to screen applicants for employment. For these agencies, the screening
polygraph serves both security and suitability functions. They require the
polygraph as a condition of employment because any employee of these
agencies may have access to a broad range of classified information in the
course of his or her regular duties. The DoD, which uses a CI-scope polygraph
only, has been limited by Congress to 5,000 screening polygraphs per year
(with major exceptions such as the NSA, the NRO, and cryptographers). The
DoD's use of the screening polygraph is not related to employment. Rather,
these polygraphs are administered to people who already occupy sensitive
positions but require access to a specific or several sensitive programs for
which the polygraph has been established as a requirement.

The  following  arguments  have  been  made  in  favor  of  the  polygraph: 

a. A Unique Source of Information: Officials at the CIA and the NSA point
out that the polygraph elicits important adjudicative information that is often
not obtainable by other investigative methods, such as personal history statements,
personal interviews, and background investigations. In fact, the most
important product of the polygraph process is more likely to be an admission
made during the interview than a chart interpretation. While senior officials
at the CIA and the NSA acknowledge the controversial nature of the polygraph
process, they also strongly endorse it as the most effective information
gathering technique available in their personnel security systems. They argue
that without the polygraph, the quality of their work force would suffer
immeasurably.

The DoD uses a CI-scope polygraph only after individuals have been
thoroughly investigated and favorably adjudicated. Nonetheless, DoD officials
report that they have obtained significant security and counterintelligence
admissions that were not developed through the prescreening and
investigative process. The DoD catalogues and reports these results annually
to Congress.

The utility of the polygraph in eliciting important adjudicative information
is not in doubt. In addition, the Commission found that the suitability or
"lifestyle" questions (particularly those that address criminal activity and illegal
drug use) have always elicited the most information. Research studies
have supported these views:

• In 1980 a working group of the DCI Security Committee found that the
polygraph examination process was superior to other investigative methods
in eliciting adverse information that ultimately resulted in denial or revocation
of access.

• An April 1991 study by the Personnel Security Working Group (an
Intelligence Community interagency working group) unequivocally identified
the polygraph as the most productive source of derogatory information
in the screening arena, eliciting such information in 70 percent of the cases in
which it is used.

• A September 1993 CIA study cited the following polygraph benefits: it
enables the CIA to forgo random drug testing for staff employees or those
with staff-like access; it facilitates the flow of classified information within the
organization; it enables the CIA to use minimal internal information systems
security checks; and it reduces the need for domestic physical security
countermeasures.


b. Deterrence: Screening polygraph programs arguably have a deterrent
effect. Applicants who believe that the polygraph will elicit disqualifying
information may be deterred from applying. Cleared personnel also may be
deterred from misconduct because they know that they will be required to
take a polygraph in the future. In fact, the CIA's Inspector General noted that
the polygraph has been instrumental in reducing the incidence of fraud and
other wrongdoing at the CIA. In addition, a 1993 study by the DCI's
Counterintelligence Center and an Intelligence Community research project have
concluded that the polygraph is a significant espionage deterrent.

c. Cost-Effectiveness: The CIA and the NSA, two agencies that routinely
use full-scope polygraphs to screen applicants, present a strong case that the
polygraph serves as an efficient and effective cost-containment hiring tool.
When admissions made by a subject during a polygraph test result in a
disqualification, these agencies are saved the considerable cost and time of
conducting a background investigation. In addition, the CIA's Office of Medical
Services reported to the Commission that full-scope polygraphs enable it to
detect and screen out 50 percent to 75 percent of the most troubled applicants.
They expressed concern that if the suitability questions were reduced or eliminated
this would result in increased terminations for cause, security
breaches, and medical, legal, and administrative costs arising from contested
terminations and increased psychiatric difficulties in the work force.

The  following  arguments  have  been  made  against  the  polygraph: 

a. Lack of Scientific Validity: In 1983, the Congressional Office of Technological
Assessments concluded that: "There appears, as yet, to be no scientific
field evidence that polygraph examinations . . . represent a valid test to prescreen
or periodically screen government employees." A 1991 government
review of the polygraph in personnel security applications reaffirmed the earlier
study and concluded that "the number and quality of screening studies is
insufficient to provide a basis for reliable estimates of validity." The Commission
reviewed many other studies as well. The results of these studies were
too varied to allow for definitive conclusions about the validity of the polygraph
when used for personnel security screening. The Commission also met
with various research experts in polygraph and related fields and learned that
due to the extraordinary difficulty of conducting screening polygraph validity
research, the scientific validity of the polygraph is yet to be established.

Many polygraph proponents and some research experts believe that it is
unnecessary to study the validity of the polygraph process, meaning its accuracy
in distinguishing truth from deception. They contend that as long as the
polygraph elicits admissions to screen out unsuitable applicants and actual
security risks, questions about the polygraph's validity remain academic.
However, if the polygraph does not have established scientific validity in the
screening arena, judgments about truthfulness based solely on chart interpretation
will continue to be controversial. Without established validity, the process
lacks full integrity and appears more like trickery because information is
obtained from subjects under the pretense that it is in their best interest to be
forthright since false answers will be discovered. Furthermore, arguments
could be made that the polygraph may not have the same effect on a nonbeliever;
that is, unless the validity of the process can be demonstrated, there is
nothing to prevent a practiced deceiver from passing a polygraph examination.
In fact, circumstantial evidence lending credence to this view was documented
by a President's Foreign Intelligence Advisory Board study in 1988.

b. Intrusiveness: Polygraph testing can be a highly intrusive and emotionally
grueling process. Some claim that this results in lost talent when suitable
individuals refuse to participate in a polygraph examination. Other individuals
and organizations have argued that there can be no justification for the use
of the polygraph. The Department of State has refused to use the polygraph
for personnel security screening, even for those with access to the most highly
protected information. The ACLU views the polygraph as an unacceptable
invasion of privacy, an affront to human dignity, a violation of self-incrimination
prohibitions, and an unreasonable search and seizure.

Comparison or control questions are frequently identified as the most
intrusive aspect of the polygraph. Control questions are used to elicit untruthful
or uncertain responses from subjects (for example, "Have you ever violated
the trust of a close friend?"). Physiological reactions to these questions
are compared to reactions to the relevant questions (for example, "Have you
ever committed a serious crime?"). It is assumed that "innocent" subjects will
react more strongly to the control questions than the relevant questions, while
the reverse will be true for "guilty" subjects. For this reason, "innocent" subjects
frequently experience the control questions as intrusive or embarrassing
(indeed, the intent is to generate some degree of discomfort) and worry that
their responses will be kept in a permanent record.

The DoD has developed a less intrusive type of control question called
the directed lie. In this technique, the examiner directs the subject to lie in
response to certain questions (the control questions) so that a physiological
reaction can be obtained while lying. Directed lie control questions differ from
other types of control questions in that the subject is specifically instructed to
lie to these questions and no admissions are solicited or allowed. Knowing
their true purpose, people generally experience these questions as less intrusive.
Research is currently under way to further validate this technique.

As unpleasant as the polygraph process may be to some individuals, the
Commission did not find any ground swell of antipolygraph feeling among
the government and contractor personnel who are most heavily exposed to it.
On the contrary, available surveys suggest the majority of those who take a
screening polygraph believe that the examinations are conducted fairly and
professionally.

c. Overreliance: In the absence of admissions, polygraph tests are not
infallible: truthful subjects sometimes "fail" and untruthful subjects sometimes
"pass." When the polygraph test result is used as a primary determinant
of "truth," there will be occasions in which innocent people are falsely
accused and guilty people avoid detection.

Despite assertions to the contrary, adjudicative decisions have been made
on the basis of polygraph chart interpretations without admissions. Managers
and security officers who make decisions based on polygraph test results
need to be aware of the fallibility of the polygraph screening process. Also, the
Commission is concerned that, in times of declining financial resources, agencies
may be tempted to rely more on the polygraph at the expense of more
thorough investigations, decreasing the checks and balances provided to the
personnel security process by background investigations and financial checks
and increasing the likelihood of spies being hired or allowed to continue espionage
activities started after initial employment.

Recommendations

Despite the controversy, after carefully weighing the pros and cons, the
Commission concludes that with appropriate standardization, increased oversight,
and training to prevent abuses, the polygraph program should be
retained. In the CIA and the NSA, the polygraph has evolved to become the
single most important aspect of their employment and personnel security
programs. Eliminating its use in these agencies would limit the effectiveness
of security, personnel, and medical officers in forming their adjudicative judgments.
However, the Commission unanimously endorses the adoption of procedural
safeguards and oversight (discussed later in this section) to ensure
that the technology is used in a reliable, consistent, and ethical manner. We
support the standardization of the process to ensure basic fairness and reciprocity.
We believe that the intrusiveness of the procedure should be minimized
and mechanisms should be put in place to resolve ambiguous results
quickly and efficiently.

The Commission believes that polygraph examinations should be limited
to CI-scope for all security screening examinations, except for applicants seeking
staff positions at the CIA and the NSA. Almost all of the Commissioners
believe that polygraph examinations for these CIA and NSA staff applicants
can be restricted without reducing security benefits. The Commission recommends
that polygraphs for applicants for CIA and NSA staff positions consist
of only the CI-scope questions plus questions on serious criminal conduct and
recent drug use. This ensures uniformity between the two agencies and eliminates
broader questions about financial problems, alcohol use, nervous or
mental disorders, and falsification of any information on the personal history
statement. The record indicates that the questions about serious criminal conduct
and recent drug use are much more likely than the other questions to
produce information of significant value in making security and suitability
decisions. These restrictions on the polygraph for CIA and NSA staff applicants
will limit its intrusiveness without sacrificing its security benefits. A CI-scope
polygraph should be used for all reinvestigations, even for CIA and
NSA employees. One of the ten Commissioners believes that the CIA and the
NSA should be permitted to use the questions currently being asked during
applicant screening polygraphs examinations, with due regard for the need to
standardize the questions as soon as possible.

The Commission is concerned about overreliance on the polygraph.
Under the security scheme we have proposed, the polygraph would not be a
general requirement for access to classified information: a NACI plus credit
will be required for access to generally protected information and an SSBI for
access to specially protected information. Nor would the polygraph necessarily
be a requirement for access to multiple specially protected programs, as it
is today in the DoD. Instead, the polygraph should only be an option in those
rare instances when the Secretary of Defense or the Director of Central Intelligence
approves its use for particular controlled access activities, or if required
as a condition for staff employment at the CIA or the NSA.


The  Commission  recommends  that: 

a) The screening polygraph should be used by those DoD and
Intelligence Community organizations that currently employ it as
follows:

1) Polygraph examinations should be limited to CI-scope for all
security screening examinations except for initial applicants seeking
staff positions at the CIA and the NSA.

2) The screening polygraph examinations of initial applicants at
the CIA and the NSA should be limited to CI-scope plus questions
on serious criminal conduct and recent drug use.

3) A CI-scope polygraph should be used for all reinvestigations,
even for the CIA and the NSA.

b) The polygraph should not serve as a bar to clearance reciprocity
or the exchange of classified or sensitive information.

c) The intrusiveness of control questions must be minimized,
strict oversight must be established to prevent abuses, information
elicited by control questions must not be kept in a permanent
record unless it relates to criminal activity, and procedures must be
adopted to ensure compliance with these requirements.

d) Physiological reactions, without admissions, to questions during
a polygraph examination should not be used to disqualify individuals
without efforts to independently resolve the issue of
concern.


Oversight 

The Commission is aware of the potential for abuse and the actual past
abuses associated with polygraph programs. For example, in some instances
examiners have pursued issues beyond the scope of the inquiry. We believe
that the polygraph process must minimize intrusiveness as much as possible.
This can be done by training examiners in less adversarial methods and by
implementing rigorous quality control procedures. While a number of safeguards
have been built into the current system (such as internal polygraph
quality control procedures and Inspector General reviews), the Commission
believes that an external, independent, centralized oversight mechanism is
needed to monitor the programs and manage complaints. Such a mechanism
would provide a focal point for tracking and investigating reports of abuse
and ensure that the polygraph programs are responsive to the concerns of
polygraph subjects.


The Commission recommends that an independent, external mechanism
be established by the security executive committee to investigate
and track polygraph complaints. This mechanism also should
monitor and oversee the polygraph programs' compliance with
standards and conduct periodic satisfaction surveys of polygraph
subjects.


Standardization 

The Commission found that the personnel security screening polygraph
program is characterized by a complicated web of inconsistent and misunderstood
practices. Agencies vary as to when or if it is required, where or how it
is administered, the subject areas covered, and what techniques are employed
in administering the tests. For example, the Commission finds no acceptable
reason why the CIA and the NSA should cover different subject areas in their
full-scope polygraphs. The Commission also is concerned that the same questions
are worded differently and are therefore open to differing interpretations,
decreasing confidence in the objectivity of the process. The Commission
believes that these differences should be minimized.


The  Commission  recommends  that  standards  be  developed  to 
ensure  consistency  in  the  administration,  application  and  quality 
control  of  screening  polygraphs. 


The  need  for  standardization  and  consistency  is  also  evident  in  the  con¬ 
tractor  world.  The  NSA  is  the  only  agency  that  requires  full-scope  polygraphs 
for  all  contractors  prior  to  granting  access  to  compartmented  information.  The 
DoD requires only a CI-scope polygraph for their contractors, but generally
grants access prior to (and sometimes without) administering a polygraph.
The CIA requires only CI-scope for those contractors outside its facilities but
full-scope polygraphs for those contractors with regular working access to its
facilities  and  computer  systems.  Such  inconsistent  applications  should  be 
eliminated. 

The  Commission  believes  that  enhanced  efficiency  and  cost  savings  can 
be  realized  by  establishing  one  organization  to  serve  as  the  executive  agent 
for  conducting  polygraphs  on  contractor  personnel  who  do  not  require  regu¬ 
lar  working  access  to  government  facilities.  The  executive  agency  would  over¬ 
see  the  operation  of  joint  polygraph  facilities  at  strategic  sites  that  would 
serve  to  maximize  the  efficient  accomplishment  of  a  maximum  number  of 
examinations.  The  executive  agency  would  also  coordinate  the  scheduling  of 
all  contractor  polygraph  examinations  to  economize  on  travel  requirements. 
Most importantly, an executive agency would facilitate the standardization of
the CI-scope polygraph as well as the reciprocal acceptance of polygraphs
throughout the DoD and the CIA intelligence community. The joint investigative
service (described in chapter 7) would be a logical organization to perform
this service.


The  Commission  recommends  that: 

a) The CI-scope polygraph be adopted as the standard for all contractor
personnel.

b) Polygraph examinations for all contract personnel working at
contractor  facilities  be  conducted  under  the  auspices  of  a  single 
entity. 


Training, Research, and Development

Many believe that the single most significant variable in the polygraph
process  is  the  competency  and  integrity  of  the  examiner.  Any  polygraph  tech¬ 
nique,  no  matter  how  benign,  can  be  used  in  an  abusive  way  by  an  improp¬ 
erly  trained  or  misguided  examiner.  Competence  is  a  primary  requirement  for 
ethical  practice.  For  this  reason,  the  Commission  believes  that  it  is  essential  for 
examiners  to  be  formally  trained  and  professionally  certified  under  a  single 
entity.  Polygraph  examiners  also  should  be  required  to  maintain  professional 
certification  through  a  formal  continuing  education  program. 


The  Commission  recommends  that  certification  of  polygraph  exam¬ 
iners  under  the  auspices  of  a  single  entity  should  be  mandatory. 
Mandatory requirements for recertification also should be established.


Most  polygraph  training  is  conducted  at  the  DoD  Polygraph  Institute 
(DoD/PI),  although  the  CIA  trains  its  own  examiners  and  some  from  the 
NSA.  In  the  interest  of  efficiency  and  consistency,  the  Commission  believes 
that  all  government  polygraph  training  and  certification  should  be  conducted 
by  a  single  entity.  Incorporating  the  CIA  training  program  into  the  DoD  Poly¬ 
graph  Institute  would  standardize  and  enhance  the  quality  of  polygraph 
training  provided  by  the  government.  The  DoD  Polygraph  Institute  also 
should  be  made  a  national  or  Federal  polygraph  institute  and,  if  subject  to 
relocation  due  to  base  closure,  consideration  should  be  given  to  locating  the 
institute  closer  to  its  customer  base. 


The  Commission  recommends  that  the  CIA  polygraph  school  be 
consolidated  into  the  DoD  Polygraph  Institute  to  form  a  national 
polygraph  institute  that  would  conduct  all  training  and  certification 
of  government  polygraph  examiners. 

The Commission believes that it is imperative the government establish
the  validity  of  the  polygraph  for  personnel  security  screening.  In  the  absence 
of  admissions,  the  ability  of  the  polygraph  to  distinguish  between  truthful 
and  deceptive  reactions  is  critical.  While  the  Commission  recognizes  the  diffi¬ 
culty  of  designing  and  conducting  validity  research  on  the  screening  poly¬ 
graph,  the  dearth  of  such  research  is  not  acceptable.  The  Commission  realizes 
that  these  recommendations  have  been  made  in  the  past,  with  little  effect.  A 
greater  commitment  must  be  made  to  sustain  funding  of  research  to  establish 
the  validity  of  the  polygraph  in  personnel  security  screening  applications. 

The  Commission  believes  that  research  is  also  needed  to  determine  which 
polygraph  techniques  work  best  in  which  situations  and  with  which  subjects. 
The ongoing development of scoring algorithms and computerization would
increase  the  objectivity  of  the  polygraph  process  and  provide  a  basis  for 
addressing  countermeasure  threats.  We  also  believe  that  research  should 
explore  other  methods  of  detecting  deception  that  could  be  used  in  conjunc¬ 
tion  with  or  in  place  of  the  polygraph. 


The Commission recommends a robust, interagency-coordinated
and centrally funded research program should be established
with the DoD/PI as executive agent. The polygraph research program
must concentrate on the development of valid and reliable
security and applicant screening tests and standardize their use.


Chapter 5.

Physical,  Technical,  and 
Procedural  Security 


The  physical  protection  of  information,  assets  and  personnel  is  funda¬ 
mental  to  any  security  system.  Closely  related  to  physical  security  are  the 
technical  security  safeguards  required  to  protect  certain  facilities  against  intel¬ 
ligence  collection  or  observation  and  security  procedures  adopted  to  monitor 
and  control  physical  access  to  facilities  and  material.  Government  rules  for 
protection  of  classified  information  cover  construction  and  storage  require¬ 
ments  (facilities,  locks,  alarms,  guards),  technical  security  requirements 
imposed  on  facilities  storing  classified  information  (surveillance  countermea¬ 
sures,  TEMPEST,  audio  attenuation),  and  procedures  affecting  the  conduct  of 
operations  within  these  facilities  (inspections,  document  control,  visit  certifi¬ 
cation,  and  badges). 

The  Commission's  focus  was  primarily  on  the  domestic  environment 
where  there  is  the  greatest  potential  for  cost  savings,  a  lower  level  of  threat, 
and  because  it  lends  itself  more  readily  to  uniformity  than  do  facilities  at  over¬ 
seas  locations.  Our  review  was  limited  to  the  protection  of  classified  informa¬ 
tion  and  material.  It  did  not  include  protection  of  weapons,  munitions,  or 
nuclear  devices  which  are  governed  by  separate  regulations. 

Recently  there  have  been  significant  policy  changes  affecting  physical 
security  within  the  Intelligence  Community.  However,  it  appears  that  cross¬ 
program  management  for  physical,  technical,  and  procedural  security  coun¬ 
termeasures  is  not  uniform.  The  relationships  with  industrial  contractors  vary 
from punitive compliance inspections to problem-solving advice and assistance.
In addition, many of our physical security policies are out of date, are
not based on actual threat, conflict with each other, and have not been
implemented in a uniform fashion. As a result, the end user is faced with a
patchwork of multiple standards, increased costs because facilities cannot be
shared,  and  irrational  situations  where  information  classified  at  a  lower  level 
(Confidential  and  Secret)  is  often  more  stringently  protected  than  our  govern¬ 
ment's  most  sensitive  technologies  and  operations.  The  wide  variety  of  physi¬ 
cal,  technical  and  procedural  security  requirements  imposed  on  industry  is 
the principal concern that led to the development of the National Industrial
Security  Program  (NISP). 

For  Confidential  and  Secret  information,  the  Defense  Industrial  Security 
Program  requires  that  contractors  be  inspected  every  six  months,  that 
guards  physically  check  safes  that  hold  classified  material,  and  that  strin¬ 
gent  document  control  audits  and  inventories  be  maintained.  Director  of 
Central  Intelligence  representatives  normally  inspect  facilities  housing 
Sensitive  Compartmented  Information  once  every  two  years,  require 
alarms rather than expensive guards, and recently have dropped strict
document handling requirements.

The  Commission  seeks  to  apply  physical,  technical,  and  procedural  secu¬ 
rity  consistent  with  the  same  basic  risk  management  principles  recommended 
throughout  this  report.  Security  standards  should  provide  two  uniform 
degrees  of  protection  for  classified  information.  Decisions  to  adopt  special 
protection  safeguards  should  be  based  upon  risk  management  analysis  of  the 
value  of  the  asset,  the  threats  and  vulnerabilities,  and  the  costs  of  protection. 
The  relationship  between  government  and  industry  should  be  a  problem 
solving  partnership  that  maximizes  reciprocity.  New  procedural  mechanisms 
should be instituted to terminate unnecessary controls and facilitate ease of
reassigning  cleared  personnel. 


Physical  Security  Standards 

Today's  physical  security  policies  evolved  in  the  context  of  the  Cold  War 
when  it  was  often  assumed  the  enemy  would  attempt  penetration  and  it  was 
necessary  to  keep  them  out  at  almost  any  cost.  Organizations  began  to  indi¬ 
vidually  adopt  different  rules  governing  the  protection  of  classified  informa¬ 
tion.  As  a  result  there  is  no  single  facility  standard.  Facilities  cleared  for  DoD 
Special  Access  Programs  have  rules  which  may  vary  from  facility  to  facility 
and from program to program. Facilities housing Sensitive Compartmented
Information (SCI) are governed by the Director of Central Intelligence
Directives. Facilities holding collateral information follow differing standards
depending  on  which  organization  is  the  sponsor.  Application  of  these  differ¬ 
ing  standards  by  individual  government  agencies  is  also  uneven,  resulting 
frequently  in  one  government  agency  being  unwilling  to  share  space  with 
another  agency  even  though  they  both  ostensibly  use  the  same  standard. 

A  facility's  security  may  include  alarms,  guards,  security  containers 
(safes), access control devices, closed-circuit television, locks, special
construction requirements, and a host of other countermeasures. It also may
include  a  requirement  for  two  people  to  be  in  close  proximity  at  all  times  so  as 
to  deter  the  unauthorized  removal  or  copying  of  classified  material.  With  total 
risk avoidance as the goal, the addition of each of these countermeasures is
justified by assuming that the countermeasure will provide an additional
measure of protection. Cost is not a factor.

The  physical  security  countermeasures  at  one  industrial  facility  include  a 
fence, roving guards, and automated building access controls. Inside the
facility, there is also a specially constructed room to which access is
controlled by cipher and combination door lock. Moreover, the program
manager of a special access program required that the five-drawer safe used to
store program material have each drawer alarmed even though the safe was
inside an area already alarmed.

Yet  the  great  majority  of  past  compromises  have  involved  insiders, 
cleared  persons  with  authorized  access  who  could  circumvent  physical  secu¬ 
rity  barriers,  not  outsiders  breaking  into  secure  areas.  We  have  had  numerous 
incidents  of  classified  information  being  removed  by  cleared  personnel,  but 
no  documented  evidence  leading  us  to  believe  an  agent  of  a  foreign  power 
has  ever  broken  into  a  classified  area  inside  the  United  States. 


In  reviewing  the  existing  standards  for  physical  security  and  their  imple¬ 
mentation  in  practice,  the  Commission  found  that  the  amount  of  physical 
security  provided  to  protect  classified  information  in  facilities  within  the 
United  States  is  often  excessive. 

The  Commission  acknowledges  the  significant  and  ongoing  policy 
changes  affecting  physical,  technical,  and  procedural  security  requirements 
that are being developed, especially through the DCI Security Forum and the
National Industrial Security Program task forces. Many improvements have
already been introduced and some cost savings already realized. For example,
the recent DCI policy decision to drop the two-person rule has permitted
manpower  savings  in  some  contracts.  Other  elements,  such  as  the  military 
SAPs,  continue  to  enforce  this  requirement.  Not  only  do  these  inconsistencies 
produce  confusion,  they  seriously  erode  the  user's  faith  in  legitimate  security 
practices.  Despite  some  positive  efforts,  the  Commission  concludes  that  many 
of  the  rules  governing  physical  and  technical  protection  of  classified  informa¬ 
tion  stored  within  the  United  States  have  yet  to  realistically  reflect  the  actual 
threat. 

The  Commission  believes  that  an  integrated  systems  approach  based  on 
valid  risk  management  analysis  must  be  implemented  to  replace  the  current 
fragmented  process.  Under  risk  management,  each  countermeasure  can  be 
viewed  in  the  context  of  a  fully  integrated  system.  The  introduction  of  two 
uniform  degrees  of  physical  security  protection  will  remedy  the  current 
inconsistencies  and  permit  the  establishment  of  a  more  rational  approach  to 
the  physical  protection  of  information  and  material. 


The Commission recommends that classified material or information
stored within the United States be protected by one of two levels
of a national physical security standard.


Facility Certification

Multiple standards, variously interpreted, have inhibited, primarily in the
DoD,  the  efficient  sharing  of  facilities  and  services,  resulting  in  increased  cost 
to  the  US  Government.  Sharing  is  more  prevalent  in  the  Intelligence  Commu¬ 
nity  where  areas  used  for  storing  and  discussing  Sensitive  Compartmented 
Information  (SCI)  are  built  to  standards  contained  in  a  DCI  Directive.  For 
years,  these  areas,  called  Sensitive  Compartmented  Information  Facilities 
(SCIFs),  have  been  certified  by  the  first  agency  to  use  that  particular  space. 
Written  agreements  allow  additional  agencies  to  use  the  same  facilities, 
accepting any waivers to the standards. Facility clearance reciprocity is less
prevalent  (but  increasing)  for  Special  Access  Programs.  All  too  often  SAPs 
levy  additional  requirements  by  forcing  contractors  to  add  costly  and  exces¬ 
sive  security  upgrades  or  even  build  a  new  SCIF  (or  SARF-Special  Access 
Required  Facility). 

One  west  coast  contractor  said  that  the  Intelligence  Community  usually 
grants approval for co-utilizing SCIFs within 48 to 72 hours. Yet the same
process  usually  takes  4  to  6  months  in  the  SAP  world.  Additionally,  SAP 
program managers may levy further requirements, such as one manager
who  wanted  $30,000  in  upgrades  made  to  an  already  accredited  SCIF. 

The  Commission  supports  co-utilization  of  certified  facilities  and  further 
believes  a  registration  system  would  help  enforce  this  process.  Once  certified, 
a facility should be registered in a central data base. All government
organizations desiring to operate at the relevant security level should accept the
registered area without changes, enhancements, or upgrades. The facility should
also  remain  certified  until  it  is  modified  or  closed  out.  Co-utilization  of  facili¬ 
ties  is  endorsed  by  the  NISP  and  this  registration  process  would  complement 
the NISP effort.


The Commission recommends a data base registering certified facilities
be established and that co-utilization and reciprocity of accredited
space be mandatory.


Facilities,  Containers,  and  Locks 

While uniform standards are important, the standard itself must be supported
by an analysis of actual threat and a reasonable risk management
response.  The  importance  of  this  is  shown  by  the  example  of  the  national  stan¬ 
dard  adopted  for  security  containers  and  locks.  Current  national  policy 
requires  classified  material  be  stored  in  GSA-approved  safes  or  containers 
with approved locks. Exceptions to this policy were routinely made in domestic
settings during the Cold War in acknowledgment that other layers of security
were in place or because of site specific factors such as floor loading
restrictions.  Non-GSA-approved  containers  (bar  lock  cabinets  equipped  with 
changeable  combination  locks)  and  the  open  storage  of  classified  information 
in  specially  constructed  areas  have  been  routinely  allowed.  There  is  no  evi¬ 
dence  that  these  waivers  have  compromised  security.  The  risk  management 
approach  embodied  in  granting  these  waivers  should  become  the  basis  for 
developing  future  policies.  The  Commission  strongly  opposes  recent  efforts 
that  are  calling  for  more  stringent  standards.  An  example  is  the  current  effort 
to  replace  existing  container  locks  with  the  new  GSA-approved  electro¬ 
mechanical  locks.  This  replacement  effort  is  not  based  on  current  threat  data 
and  will  significantly  increase  costs.  For  example,  one  west  coast  contractor 
estimates  that  replacing  all  the  locks  for  its  facility  would  cost  more  than  $7.3 
million.  While  new  locks  could  be  used  in  new  containers,  the  Commission 
found  no  evidence  that  would  warrant  a  large-scale  replacement  effort  for 
locks  already  installed  in  approved  facilities  within  the  United  States. 


The  Commission  recommends  that  there  be  no  replacement  or  retro¬ 
fit  of  containers  and  locks  currently  approved  for  use  in  the  United 
States. 


Industrial  Security  Inspections 

Companies  with  classified  government  contracts  are  periodically 
inspected  to  ensure  they  are  protecting  classified  material  in  ways  consistent 
with  government  security  standards.  These  inspections  take  many  forms  to 
include  an  initial  accreditation  inspection,  a  change  of  status  inspection  when 
there  is  new  ownership  or  new  spaces,  and  special  interest  inspections  based 
on  a  specific  incident,  investigative  lead,  or  threat.  In  addition  to  these  accred¬ 
itation  and  incident-driven  visits,  there  also  are  routine  re-inspections 
required  on  a  varying  and  arbitrary  periodic  basis  depending  on  the  contract 
and sponsor. These routine inspections are conducted by the DIS, the DoE, the
CIA, the NSA, or any number of individual DoD SAPs, all using a variety of
standards. The CIA and the DoE inspect every two years, allowing the contractor
to self-inspect on the off years. Until recently, the NSA maintained a six
month  schedule.  The  DIS,  responsible  for  the  majority  of  the  inspections,  also 
reviews  all  aspects  of  a  contractor's  security  program  every  six  months.  Less 
than  one  percent  of  these  inspections  result  in  unsatisfactory  ratings.  Both  the 
frequency  and  value  of  these  routine  inspections  were  questioned  by  contrac¬ 
tors  interviewed  by  the  Commission. 

One contractor stated that in 1992, DIS spent 480 hours inspecting the
contractor's five facilities. But in 1993, despite the contractor's 38-percent
reduction in personnel, 68-percent drop in documents, 40-percent less controlled
area, and 50-percent fewer classified holdings, DIS needed 1413
hours to inspect the same five facilities.

Contractors  with  Special  Access  Programs  are  inspected  on  a  program- 
by-program  basis  with  each  individual  project  having  its  own  requirements. 
For  example,  a  contractor  with  six  SAPs  may  undergo  six  separate  inspections 
with each having differing requirements. Contractors state that routine
re-inspections are time-consuming, onerous, costly, and confusing. They advise
that  the  redundant  inspections  contribute  little,  if  any,  additional  security. 

One contractor had to contend with 26 inspections by DIS and SAPs over
a 10-month period in 1993. Inspectors were on-site for 99 out of 210 workdays.
An additional week of planned inspection was canceled.

Intelligence  Community  inspectors  put  less  weight  on  fault  finding  and 
more  emphasis  on  program  review.  For  example,  they  may  frequently  visit  a 
contractor  to  discuss  programmatic  or  individual  personnel  security  issues 
but rarely conduct formal top-to-bottom inspections. Some Intelligence Community
components use award fee contracts with monetary awards as
incentives for good security. The Commission endorses the partnership or service
approach  towards  security,  rather  than  an  adversarial  approach. 

The  Commission  supports  accreditation  visits  and  special  issue  investiga¬ 
tions,  but  sees  no  need  for  each  organization  to  conduct  routine  inspections. 
These  reinspections  frequently  involve  a  top-to-bottom  review  of  construc¬ 
tion,  storage,  and  procedures  complete  with  formal  out-briefings  to  senior 
management.  They  also  often  require  an  official  response  from  the  senior 
management.  Our  vision  of  a  government  and  contractor  partnership  rejects 
the concept of these punitive inspections. The Commission believes that multiple
compliance inspections and re-inspections are costly, time consuming,
and of questionable value in providing better security. A partnership or
service-based approach should be encouraged.


The Commission recommends that, after an initial accreditation
inspection, reinspections be limited to aperiodic, random inspections
or those in reaction to specific incidents or threats. Routine
industrial security re-inspections should be eliminated.


TEMPEST 

TEMPEST  (an  acronym  for  Transient  Electromagnetic  Pulse  Emanation 
Standard) is both a specification for equipment and a term used to describe
the  process  for  preventing  compromising  emanations.  The  fact  that  electronic 
equipment  such  as  computers,  printers,  and  electronic  typewriters  give  off 
electromagnetic  emanations  has  long  been  a  concern  of  the  US  Government. 
An  attacker  using  off-the-shelf  equipment  can  monitor  and  retrieve  classified 
or  sensitive  information  as  it  is  being  processed  without  the  user  being  aware 
that a loss is occurring. To counter this vulnerability, the US Government has
long required that electronic equipment used for classified processing be
shielded or designed to reduce or eliminate transient emanations. An alternative
is to shield the area in which the information is processed so as to contain
electromagnetic emanations or to specify control of certain distances or zones
beyond  which  the  emanations  cannot  be  detected.  The  first  solution  is 
extremely  expensive,  with  TEMPEST  computers  normally  costing  double  the 
usual  price.  Protecting  and  shielding  the  area  can  also  be  expensive.  While 
some agencies have applied TEMPEST standards rigorously, others have
sought  waivers  or  have  used  various  levels  of  interpretation  in  applying  the 
standard.  In  some  cases,  a  redundant  combination  of  two  or  three  types  of 
multilayered  protection  was  installed  with  no  thought  given  either  to  cost  or 
actual  threat. 

A general manager of a major aerospace company reports that, during
building renovations, two SAPs required not only complete separation
between their program areas but also TEMPEST protection. This pushed
renovation costs from $1.5 million to $3 million just to ensure two US
programs could not detect each other's TEMPEST emanations.

In 1991, a CIA Inspector General report called for an Intelligence Community
review of domestic TEMPEST requirements based on threat. The outcome
suggested that hundreds of millions of dollars have been spent on
protecting a vulnerability that had a very low probability of exploitation. This
report galvanized the Intelligence Community to review and reduce domestic
TEMPEST  requirements. 

Currently, many agencies are waiving TEMPEST countermeasures within
the United States. The rationale is that a foreign government would not be
likely to risk a TEMPEST collection operation in an environment not under
their control. Moreover, such attacks require a high level of expertise, proximity
to the target, and considerable collection time. Some agencies are using
alternative technical countermeasures that are considerably less costly. Others
continue to use TEMPEST domestically, believing that TEMPEST procedures
discourage collection attempts. They also contend that technical advances will
raise  future  vulnerabilities.  The  Commission  recognizes  the  need  for  an  active 
overseas  TEMPEST  program  but  believes  the  domestic  threat  is  minimal. 

Contractors and government security officials interviewed by the Commission
commend the easing of TEMPEST standards within the last two
years. However, even with the release of a new national TEMPEST policy,
implementation procedures may continue to vary. The new policy requires
each Certified TEMPEST Technical Authority (CTTA) keep a record of TEMPEST
applications but sets no standard against which a facility can be measured.
The Commission is concerned that this will lead to inconsistent
applications and continued expense.

Given the absence of a domestic threat, any use of TEMPEST countermeasures
within the US should require strong justification. Whenever TEMPEST
is  applied,  it  should  be  reported  to  the  security  executive  committee  who 
would  be  charged  with  producing  an  annual  national  report  to  highlight 
inconsistencies  in  implementation  and  identify  actual  TEMPEST  costs. 

Domestic  implementation  of  strict  TEMPEST  countermeasures  is  a  prime 
example of a security excess because costly countermeasures were implemented
independent of documented threat or of a site's total security system.
While  it  is  prudent  to  continue  spot  checks  and  consider  TEMPEST  in  the  risk 
management  review  of  any  facility  storing  specially  protected  information,  its 
implementation  within  the  United  States  should  not  normally  be  required. 


The Commission recommends that domestic TEMPEST countermeasures
not be employed except in response to specific threat data
and  then  only  in  cases  authorized  by  the  most  senior  department  or 
agency  head. 


Technical  Surveillance  Countermeasures  (TSCM) 

Technical Surveillance Countermeasures (TSCM) involves the search for
technical surveillance devices or "bugs." The TSCM function is decentralized
within the government and resources and requirements are determined at the
department or agency level. Traditionally, TSCM teams conduct inspections of
domestic facilities when they first open and on a routine basis thereafter.
TSCM teams are also called upon when there is some indication of a threat. A
recent classified study shows that over the last 40 years, initial and routine
domestic inspections uncovered few bugs, with the exception of an occasional
hazard such as an on-line telephone connection or a two-way intercom into a
secure area. The study also notes that few finds are uncovered in areas where
good physical security and access controls are in place and that the
overwhelming number of technical attacks against US interests occur overseas.

The failure to discover any use of technical surveillance devices
domestically, coupled with budgetary pressures, influenced the application of TSCM.
Within the last two years, the interagency TSCM training academy and two
technical security laboratories have had to curtail their operations because of
lost funding.

Although there is little or no evidence of a domestic threat, the Commission
believes that overseas locations can be very vulnerable to technical invasion.
It is therefore very important to maintain an active, focused, interagency
R&D program in support of TSCM. Scarce resources should be directed both
to specific threat-driven inspections and to the maintenance of an R&D and
training effort.


The Commission recommends:

a) The elimination of routine TSCM inspections within the
United States in favor of increased emphasis on overseas inspections.
Any domestic TSCM efforts should be specifically threat
driven.

b) The government fund a coordinated TSCM R&D and training
program to support overseas inspections and as a defense against
future technological advances in technical surveillance equipment.


PROCEDURAL  SECURITY 

Central  Clearance  Verification 

The verification of an individual's clearance and level of access is a critical
component in the management of interagency and industry visits to classified
areas. On any given day, thousands of clearance access requests are made.
Hundreds of personnel are officially involved in clearance verification. Many
more are involved peripherally, and failure of the process affects most cleared
persons at some point.

The typical visit request goes through at least six steps, involves at least
three levels of the bureaucracy at each agency, and can take anywhere from
one to three days. One security manager stated that she spends some 40 percent
of her time handling visit requests, and that she must rely on personal
contacts and informal channels to get the job done. Considering the hundreds
of visits conducted daily within the community, the productivity loss is enormous.
All too often, individuals ask their security officer to pass clearance
information, and, when they arrive at a meeting location, they are told, "We
did not receive your clearance, you cannot enter the building." A flurry of
calls between the visitor and his security officer determines that the clearances
were sent, despite the fact that the receiving office has no record of the incoming
clearance. Time elapses, sometimes after heated exchanges, the clearance
information is orally passed, and the meeting starts:

Despite having his clearance passed a week before a quarterly meeting at
the CIA, a senior military officer was delayed some 30 minutes while his
military assistant, whose certification was passed and received at the same
time, had no difficulty entering.

The current clearance verification system draws upon clearance information
contained in data bases maintained by the OPM, the DoD, and the CIA.
Some highly sensitive programs, for example, the DoD SAP community, also
maintain clearance access data bases that are withheld from the major data
bases. The CIA community-wide data base for certifying access to Sensitive
Compartmented Information (SCI) is obsolete and scheduled to be replaced
within two years. The DoD's Defense Clearance Investigative Index (DCII) is
being upgraded and will be interconnected with the Federal employment
Suitability and Security Investigations Index (SII) maintained by OPM. The
DoD and the OPM data bases contain more than 95 percent of all collateral
clearances. The proposed CIA system will include all of the SCI clearances. By
combining these data bases and adding special programs, the user community
would have a Central Clearance Verification System (CCVS). Such a system
would reduce duplicative record systems, administrative processing,
time delays, and personnel requirements. In addition, a central clearance data
base would provide the information backbone for the application of "smart-card"
technology for instant clearance verification (without human intervention)
for access to networks, E-mail, and facilities.


The Commission recommends that a Central Clearance Verification
data base be developed and made available to industry and government.
The data base should contain all collateral and SCI clearances.
Sensitive clearance information should be encrypted or
otherwise protected within the data base.


Certification  of  Contractor  Visits 


The DoD industrial security rules require stringent control and prior
approval of contractor visits, especially when classified information is to be
discussed. Contractor visit requests must be provided, in writing, in advance
of an actual visit. However, under certain circumstances, contractor visit
requests must also contain a signed certification from the cognizant government
contracting officer or prime contractor that the visitor has a need-to-know
under a particular contract for access to classified information. This policy
does not apply to government employees.

The requirement to certify need-to-know for each individual visit request
between contractors without a direct classified contractual relationship has
increasingly caused significant problems and needless delays. Contractors
question the need for the certification process in view of the heavy dependence
of the process on paper. They maintain that the advent of facsimile
machines and data base management systems for transmitting visit requests
renders the exercise of obtaining a contracting officer's signature on each
paper visit request obsolete. Critics also cite the practical difficulty in locating
a government authority to certify individual visits. In many cases, government
certification of need-to-know is in fact a rubber stamp. In circumstances
such as contractor attendance at classified symposia and conferences involving
general technical areas or subjects unrelated to any particular classified
contract, the certification rule becomes a real impediment to accomplishing
normal, legitimate business.

The Commission believes that the requirement for need to know certifications
for contractor visits involving generally protected projects is outdated,
imposes a dual standard for government and industry security, and should be
abolished. The process unnecessarily complicates and slows the accomplishment
of necessary business and inhibits the exchange of information that
should take place between properly cleared and accessed personnel. A
requirement for government certification of a contractor's need to know
should be restricted to those contractor visits or meetings involving specially
protected projects, rather than a blanket requirement for all classified visits
between contractors without a contractual relationship.


The  Commission  recommends  that  the  requirement  for  government 
certification  of  need-to-know  for  contractor  visits  at  the  generally 
protected  level  be  abolished. 


Communitywide  Badge  Systems 


Interagency access procedures established by various security organizations
serve two basic functions: to verify a person's identity and to validate
clearance level. Virtually all agencies controlling access to their facilities rely
on badges (permanent staff and visitor), automated and/or guard access controls,
and administrative procedures for certifying and transferring clearance
information. Over the years, each agency has developed its own badging system,
visitor control process, and escort requirement to restrict unauthorized
access. When outsiders seek access on official business, however, the system
frequently breaks down. Badges are unique to each agency and vary in
sophistication, that is, from serving purely as visual recognition to offering
considerable encoded information readable by automated equipment at the
point of entry. Thus, the lack of standardization makes for cumbersome procedures
and contributes to frequent visitor delay at entry points. In many
instances, cleared personnel must complete the same forms, sign the same
waivers, and adhere to the same escort requirements as uncleared visitors,
despite having had their clearances passed. One security manager stated,
"The visit processing procedure is a cottage industry in need of modernization."

Several intelligence agencies (the CIA, the NSA, and the DIA) have
recently adopted limited badge reciprocity in an effort to streamline interagency
visit procedures. Critics of the reciprocity program contend that it is
difficult to administer (too many badges for guards to remember, reader
incompatibility, and so forth), and that variability in implementing reciprocity
has exacerbated an already inefficient process. For example, a CIA employee
on an official visit to the NSA under the new badge reciprocity procedure
must still visit the NSA central badge office, fill out and sign a form, get an
NSA visitor badge, and wait to be announced to his or her host by the receptionist,
exactly the same steps as would have to be performed if the visitor
had no badge at all.

The Commission concludes that the current badge control procedures are
costly and impede interagency business by authorized personnel. The Commission
is aware that the DCI Security Forum has tasked the NSA with development
of a community badge and that similar efforts are under way within
the DoD and the DoE. These efforts should be coordinated and combined to
provide a single-badge standard throughout the security community.


The Commission recommends the development of a uniform badge
system for the government's cleared community. The badge system
should provide for visual and electronic recognition, automated
access control, and encoded level of access.


Document  Tracking  and  Control 

The DoD Industrial Security Manual (ISM) requires itemized accounting
and verification of Secret documents held by industry in support of classified
contracts. The DoD does not apply this standard internally. Neither the DoE
nor the CIA have this requirement for their contractors, and the Director of
Central Intelligence just approved the NRO's request for elimination of this
requirement for certain Secret SCI documents. Moreover, the Task Force on
Classification Standards recommended that accounting or strict tracking
requirements for Top Secret material in SCI facilities be eliminated.

Contractors contend that document tracking and inventory requirements
do not enhance security and are very costly. One major contractor estimates a
single classified document requires 98 minutes handling time annually.
Results from an informal survey conducted by the Commission suggest that
eliminating the requirement to precisely track every Secret document could
reduce document control personnel staffs by some 40 percent. Most contractors
would continue to maintain a basic data library function, but security
requirements for extensive inventories and recording of internal transfers
would be eliminated.

A number of senior government officials similarly have questioned the
cost effectiveness of this type of document accountability. Some have opined
that it is an expensive control system but that they know of no case in which
document accountability has led to the identification of a spy. We have heard
that when accountable documents are missing, time-consuming inquiries
inevitably led to the conclusion that the material was "inadvertently
destroyed." One senior official has stated that the elimination of document
tracking would not degrade security but could result in substantial savings if
manpower associated with the current process is eliminated.

Contractors also object to the need for extensive justification and protracted
negotiations currently required for retention of classified documents
when a contract is completed. They must frequently "reinvent the wheel"
because information generated for one contract cannot be used in performance
of another. Required to turn information in at the completion of a contract,
a contractor must then approach the government and ask for the
product that was originally generated by the contractor. Contractors also note
that the regulations are inconsistent, providing for retention of R&D classified
information but not routine contract materials.

The Commission believes that the integrity and trustworthiness of personnel
is the key to the proper protection of documents. Strict document
accounting and retention practices are costly and do not deter compromise of
information. To those who would cause damage, personal computers, facsimile
machines, copier equipment, and modems and networks, available in the
normal office environment, offer opportunities to compromise documents
without detection despite elaborate and costly physical document accountability
and control procedures.

The procedures mandated by the DoD Industrial Security Manual to
account and track documents do not provide real protection. There is no value
in accounting for the physical possession of 100 documents in the morning
and 100 at the end of the day if at midday they can be copied electronically
without detection and transmitted to an unauthorized party. There is no evidence
that the lack of tracking of Secret documents in government offices has
led to an increase in compromises. The industrial standard should be no different.


The Commission recommends that:

a) The requirement for internal tracking and inventory and periodic
inspections of classified documents be eliminated.

b) Contracts be amended to allow routine retention of classified
documents provided that they are properly safeguarded.


Document  Destruction 

There are also similar accounting and verification requirements for the
destruction of classified documents. DoD internal regulations generally
require records of destruction and the imposition of the two-person rule for
Top Secret documents destroyed by government employees. There is a
two-person rule but no destruction record required for Secret documents, and only
one cleared person is required to destroy Confidential documents.

The DoD Industrial Security Manual requires destruction records and the
two-person rule for destruction of both Top Secret and Secret documents; only
one person is required to destroy Confidential documents. The DoE does not
require records of destruction for either Secret or Confidential.

For SCI documents there generally is no requirement for destruction certification,
but there is a two-person rule.

The same logic that compels us to recommend the elimination of document
accountability drives the conclusion that document destruction accountability
requirements are a cost without a significant benefit, and the
requirement should be eliminated. Anyone who wants to remove classified
information can do so while leaving the accountable record copy untouched
and then properly accounting for its destruction. Destruction records, which
must be duly dated, signed, and retained, and the two-person rule represent
avoidable costs that give no more than an illusion of security.


The Commission recommends that item-by-item document destruction
accountability be eliminated.


Document  Transmittal 

In the current environment, encrypted data transmission should be the
rule. Expensive, labor and time intensive document transmittal by mail service
or courier should be the exception.

To  the  extent  that  it  is  necessary  to  utilize  older  methods  of  document 
transmittal,  we  recommend  a  standard  be  adopted  for  generally  protected 
information  and  one  for  specially  protected  information. 

Currently DoD internal regulations allow Confidential documents to be
transmitted in US postal channels either by first class mail or by certified mail;
Secret documents must be sent by registered mail; Top Secret, SCI and SAP
documents must either be sent by courier or hand-carried by appropriately
cleared and authorized persons. The Industrial Security Manual requires use
of US postal service express or registered mail for Secret and certified mail for
Confidential documents.

The Commission believes there are no significant risks in routinely using
registered or certified mail for transmitting generally protected information.
In some cases, first class mail or commercial services are adequate.

The Commission also believes that the expense of using couriers or hand
carrying all specially protected information is unwarranted in most cases.
Registered mail is used to safely transport expensive jewels and high-value
negotiable instruments. At the specially protected level, managers should also
have the option of using certified or registered mail instead of being forced to
use expensive couriers. While the Commission believes transmission options
should be expanded, the decision on which mode is best suited for individual
programs should be made at the local level.


The Commission recommends that the document transmittal rules
be revised for both generally protected and specially protected
information. Generally protected documents should be sent by US
first class, certified, or registered mail, or by a commercial delivery
service. Specially protected documents should be sent by either US
registered mail or by courier.


Operations  Security 

Some elements of the intelligence and defense community have been
using the risk management process for many years under the rubric of Operations
Security (OPSEC). Growing out of lessons learned in the Vietnam war,
OPSEC seeks to "control information and observable actions about one's
capabilities, limitations, and intentions so as to prevent or control their exploitation
by an adversary." Emphasis is placed on the analysis of unclassified
information and public sources.

Seeking to institutionalize this process, in 1988 National Security Decision
Directive (NSDD) 298 mandated the implementation of a formal OPSEC program
by each executive department and agency with national security
responsibilities. It designated the Director of NSA as executive agent for
OPSEC programs and tasked him to establish and maintain an Interagency
OPSEC Support Staff (IOSS) to provide consultancy and training for executive
departments and agencies required to have formal OPSEC programs.

The Commission believes that there is a clear and compelling need for
operational security in a military environment and in the conduct of sensitive
operations. However, in the years since the establishment of the National
Operations Security Program, a formal OPSEC structure has developed apace,
with OPSEC responsibilities being assigned at each organizational level of
DoD service departments and agencies, at the DoE, and at other government
departments and agencies. There is now a robust OPSEC community coexisting
with, but for the most part, separate from the standard security structure.
The OPSEC Professionals Society boasts of a membership of some 475 professionals,
with membership being equally divided between government and
the private sector.

OPSEC is perceived by many, particularly in industry, as just a new way
to repackage security requirements using elaborate procedures. It is seen as a
separate discipline not integrated with other security disciplines and competing
with them for scarce resources. National OPSEC requirements are framed
in such general terms as to provide insufficient guidance for program managers
and resource allocation. Moreover, despite the NSA's training of over 2,200
individuals in the OPSEC process over the past 3 years, industry sources
advise that government security managers, contracting officers, and program
managers are not trained in and do not understand OPSEC methodology,
rarely request OPSEC surveys, do not provide specific threat data, or inspect
for OPSEC compliance. To meet the demands of government contracts,
industry, which also has a shortage of experienced OPSEC people, must
recruit and train people to provide consultant support to ongoing classified
industrial programs at unwarranted expense.

No one interviewed by the Commission questioned the appropriateness
of selecting cost effective security countermeasures based on the assessment
of risk. What is questioned is the wholesale imposition of the separate OPSEC
structure to all sensitive governmental activities, including classified contracts
with industry. OPSEC should not be a separate program, but part of the risk
management philosophy that is integrated throughout the existing security
structure.


The Commission recommends that:

a) The normal security staff structure and risk management processes
be incorporated into security and security awareness training
programs at all levels.

b) Mandatory requirements for formal OPSEC programs be
deleted from all contracts except those in response to specific threats
and then only when specifically authorized by the most senior
department or agency head.

c) NSDD 298 be reviewed, revised, or rescinded in accordance
with these new requirements for OPSEC.


Protecting Advanced Technology


With the end of the Cold War and facing new challenges to US economic
competitiveness, policymakers are focusing on the threat from foreign government
and nongovernment entities to US advanced technologies, defense-related
industries, proprietary data, intellectual property rights, and trade
secrets. The increased value of US technical information necessitates balancing
national policy objectives and the importance of sharing information with
the need to protect our leading edge technologies.

Highest priority is given to limiting the proliferation of weapons of mass
destruction and advanced conventional weapons. Counterproliferation and
nonproliferation policies range from diplomacy and export control regimes to
the development of new weapon systems and tactics to counter advanced foreign
systems on the battlefield. Negotiating and implementing a new international
export-control framework is a complex task, and bringing consistency
and coherence to US export-control policy requires the resolution of sharply
conflicting interests. Both require an overall strategic direction that is beyond
the Commission's mandate. The Commission has focused on a smaller segment
of the counterproliferation policy spectrum, specifically the policies and
procedures regarding foreign ownership or control of industrial firms performing
classified contracts, military exchanges with foreign governments,
and national disclosure of classified information to permit export and coproduction
of classified weapon systems.

The risk in each of these situations is that foreign entities will exploit the
relationship in ways that do not serve our overall national goals of preserving
our technological advantages and curtailing proliferation. These goals generally
include keeping certain nations from obtaining the technical capabilities
to develop and produce advanced weapon systems and from acquiring the
ability to counter advanced US weapon systems. In cases where US national
interests require the sharing of some of our capabilities with foreign governments,
security safeguards must ensure that foreign disclosures do not go
beyond their authorized scope. Safeguards must also be tailored to new proliferation
threats and applied effectively to the authorization of foreign investment
in classified defense industry and the granting of access by foreign
representatives to our classified facilities and information.

The Commission notes an additional area that is beyond the scope of this
report but merits further attention. This issue is the need to update counterproliferation
guidelines for prepublication review of reports of scientific and
technical research funded by the government. Such matters involve the delicate
balance between our paramount national commitment to an open scientific
community and the imperative to control the spread of weapons of mass
destruction by limiting access to unclassified but high-risk data. Improved
protection of classified technology, as proposed by the Commission, is only
one part of the comprehensive counterproliferation program that our nation
requires.


Foreign  Ownership,  Controi,  and  Infiuence 

A  basic  tenet  of  our  industrial  security  policy  is  that  business  firms 
engaged  in  classified  government  work  should  be  controlled  by  pasons  who 
can  be  trusted  to  safeguard  classified  information.  DoD  policy,  for  example, 
requires  that  any  company  bidding  on  classified  contracts  must  hold  a  facility 
security  clearance  issued  by  the  government.  The  DoD  also  requires  that  the 
firm  should  not  be  subject  to  undue  control  or  influence  by  foreign  investors. 
When  a  foreign  i nvestor  buys  or  otherwise  acqui res  i nfl uence  over  a  U S com¬ 
pany,  the  retention  or  initial  issuance  of  a  facility  clearance  is  dependent  upon 
a  favorable  Foreign  Ownaship,  Control,  and  Influence  (FOCI)  determination. 
During  the  Cold  War,  r^ulatory  policies  governing  FOCI  determinations 
ranged  from  total  risk  avoidance  to  risk  acceptance.  For  example,  FOCI  policy 
prohibited  Soviet  and  other  Communist  countries  from  having  a  financial 
intaest  in,  or  othawise  influencing,  US  companies.  Flowever,  with  respect  to 
non-Communist  countries,  especially  our  allies,  special  procedures  were 
developed  to  mitigate  FOCI  in  order  to  permit  foreign  investment  without 
compromising  classified  information 

Until  1992,  thae  was  a  growing  effort  to  accommodate  the  desires  of  for¬ 
eign  investors  so  as  to  encourage  the  infusion  of  capital  and  the  development 
of  joint  projects  to  exploit  technologies  and  markets  to  the  benefit  of  both  US 
companies  and  their  foreign  investors.  A  controversy  arose  in  1992  when  a 
~  foreign  firm  that  was  majority  owned  and  controlled  by  a  foreign  government 
sought  to  acquire  a  leading  US  defense  company  performing  work  in  support 
of  highly  classified  programs.  Questions  were  raised  about  the  sufficiency  of 
traditional  FOCI  security  arrangements  (generally  legal  instruments  to  insu¬ 
late  US  managers  and  workers  from  foreign  owners  or  limit  the  scope  of  clas¬ 
sified  contracting)^  to  protect  classified  leading  edge  technology  from  foreign 
exploitation. 

The case triggered a DoD and Congressional review of FOCI policy and
reflected a growing concern over foreign economic espionage aimed at
advanced US technology. As a result, the DoD drafted a proposed new FOCI
policy, but the proposal proved controversial and was shelved, waiting in part
for the recommendations of this Commission. Congress also enacted
legislation in 1992 barring foreign government-controlled companies from
acquiring US companies engaged in classified contracts unless the transaction
is approved in accordance with the Exon-Florio Amendment.

The Commission supports foreign investment in the US defense industry
base but believes that FOCI policy should ensure that foreign firms cannot
undermine US security and export controls to gain unauthorized access to
critical technology. Essential to a sound policy is current intelligence,
counterintelligence, and law enforcement information on attempts by foreign
governments and commercial interests to obtain such access. This requires a
closer relationship between the industrial security programs and the
Intelligence community.




The Commission found that policymakers do not always have the information
necessary to make sound and timely FOCI decisions. Comprehensive
counterintelligence or intelligence information as to ultimate ownership,
much less control or influence, is not centrally collected, analyzed, and made
available to FOCI decision makers. The absence of a centralized FOCI decision
data base also limits the flow of information and slows FOCI determinations.
Legal review of contract documents enunciating security provisions to
isolate FOCI is performed by the CIA, the DoE, and the DoD. However,
within the DoD, FOCI contract documents are not consistently submitted for
review by experts in the DoD's Office of General Counsel.

The Commission also found that there is no coherent national policy on
FOCI. When foreign investment is sought in US industries that work with the
Defense and Intelligence Communities, FOCI decisions are independently
made by the DoD, the DoE, and the CIA. Each has its own procedures for
developing and evaluating available threat information, devising an
acceptable security arrangement, and monitoring compliance. For example, DoD
FOCI determinations are made on a company by company basis whereas the
CIA's determination is on a procurement by procurement basis. Moreover, an
agreement such as the DoD's Special Security Agreement (SSA), is not
acceptable to the CIA and the DoE because the SSA allows the foreign investor
to exercise considerable management control over the US company. The CIA
believes this approach does not totally negate FOCI-related security
problems. Thus, a major US firm with multiple contracts sponsored by the DoD,
the DoE, and the CIA may be subject to more than one FOCI arrangement.

The lack of a common FOCI policy contributes to a lack of reciprocity
among government agencies and may also place certain companies at a
competitive disadvantage. For example, the CIA judged one company a
significant FOCI risk, but this did not stop the NSA from letting an
unclassified but sensitive contract with that same firm. Although a common
FOCI policy is being considered by the DoD, the DoE, the CIA and industry,
there is no coordinating mechanism to ensure that the policy will be
implemented, uniformly applied, and enforced.

The Commission recognizes that foreign investment can play an important
role in maintaining the vitality of the defense industrial base. The existing
FOCI policies and the political climate since the 1992 controversy have
discouraged foreign investment. However, as a matter of policy, DoD has a
number of programs to encourage cooperative international R&D and
procurement with our allies to spread the burden of increasing costs and
decreasing defense budgets. The Commission encourages these efforts and
believes that FOCI policy should not undermine them.

The  Commission  also  believes  that  "buy  American"  provisions,  which 
preclude  foreign  firms  from  competing  for  US  government  contracts,  must  be 
used  only  when  US  national  security  interests  would  truly  be  threatened  by 
foreign  participation.  "Buy  American"  restrictions  should  never  be  used  for 
protectionist  purposes.  Finally,  the  Commission  notes  that  international 
defense  trade  is  increasing  and  that  measures  taken  by  the  United  States  can 
invite  retaliatory  action  by  other  nations  that  would  harm  US  economic  and 
security  interests. 

The Commission believes that the security executive committee should,
as a key priority, develop a policy and a mechanism to balance these
competing interests. The policy should be based on a risk management approach
that permits departments and agencies to tailor the measures that are needed
in an individual transaction. Rigid structures that inhibit foreign investment
should be avoided.


The Commission recommends that a coordinated FOCI policy be
developed by the security executive committee.


Foreign  Exchange  Agreements-The  Status  Quo 

Our foreign economic competitors focus a considerable amount of their
collection efforts on United States leading edge technology and
defense-related industry. Information is obtained both overtly and covertly.
Foreign liaison and cooperative exchange programs, such as the Defense
Development Exchange Program (DDEP) and the Personnel Exchange Program
(PEP), allow the United States to exchange information concerning military,
technical, or scientific data; weapons; weapon systems; or operational
concepts with its allies. However, the Commission has come to believe that the
United States is losing more than it is gaining through participation in many
foreign exchange agreements. These programs, designed to better marshal the
technological capabilities of the United States and its allies, as well as to
reduce costs, have also served as vehicles for covert exploitation of our most
sensitive technologies.

Foreign governments frequently stretch the boundaries of intergovernmental
program relationships with aggressive, persistent, and coordinated
efforts to gain access to nonreleasable technological data that they can use to
further economic competition with the United States. This can be
accomplished through international data exchange programs, which have grown
tremendously over the past 30 years as more and more industrial countries
seek advanced US technologies. There are approximately 750 DoD-wide
agreements, with over 310 data exchange agreements in one military service
alone.

Foreign liaison officers working within key DoD organizations can gain
knowledge and invaluable insight into US leading-edge technology programs
under development. Within one military service, approximately 118 foreign
military personnel from 19 countries work under the Personnel Exchange
Program; 43 foreign scientists or engineers from 6 countries work within its
research and development facilities; and 172 foreign liaison officers officially
representing 22 countries are integrated within various other service
elements. Often, foreign governments use this insider knowledge to target and
pursue technical information early in a major acquisition system's life cycle
and then work against civilian targets, such as DoD contractors and
university scientists engaged in defense work. Foreign liaison officers can also
exploit their official status to gain "back door" access to special access
program technologies:

On several occasions, when a foreign liaison officer's request for sensitive
technical information was denied by one military command, the same
request would surface through another foreign liaison officer at another
command. In one instance, the second request occurred within one day of
the first denial.

Critics of the Defense Development Exchange Program maintain that the
program has become a one-way street for foreign governments to funnel
United States advanced technology overseas, while providing comparatively
little of value to the United States in return. A US Army Intelligence study
found that valuable classified and unclassified underlying technologies in
many advanced weapon systems not authorized for release are being lost to
foreign governments through the Defense Development Exchange Program.
These losses may eventually compromise our weapon systems and erode our
technological superiority on the battlefield, or at the very least, provide
advanced technology to US economic competitors.


The  Commission  recommends  that  the  Secretary  of  Defense  review 
existing  data  exchange  programs,  using  updated  threat  information, 
to  determine  whether  the  programs  should  be  continued,  canceled, 
or  renegotiated  to  ensure  they  are  in  concert  with  current  US 
national  security  and  economic  goals. 


Threat  Analysis-Vital  to  Protecting  Advanced  Technology 

The Commission recognizes the gravity of having leading-edge technology
and weapons in the hands of foreign adversaries. However, the foreign
exchange approval authorities of the military services generally make their
determinations within the acquisition or international programs community
and without participation by security, intelligence and counterintelligence
elements. Moreover, these authorities often do not ascertain the impact of
proposed technology releases on the security of related future weapons or
weapon support systems. Intelligence and counterintelligence support
elements can assist in devising the most effective course of action to deny
foreign collection efforts. Threat information is available through the DCI's
Nonproliferation Center, the DIA's National Military Intelligence Production
Center, and the CIA's Directorate of Intelligence. The Commission's proposed
interagency counterintelligence "one-stop shopping" effort will also provide a
focal point for obtaining threat information needed for national level security
policies.

For most organizations below headquarters level, however, the need is
for information on the local threat to technologies under development or to
critical facilities, rather than information pertaining to the broad national
threat. Field organizations maintain that, to be of value, threat assessments
must specify the foreign entity involved, identify what programs or systems it
is targeting, and identify the specific areas of the country in which adversaries
are operating. As a first step in meeting the local need, the DoD should
modernize its counterintelligence collection and reporting system to speed the
flow and improve the quality of both raw and finished counterintelligence
products into a pull-down data base network. Counterintelligence elements
should then work in daily partnership with field elements to explain the
issues associated with protecting particular systems, provide practical local
solutions, and serve as a valuable feedback mechanism in the total security
process.

The Commission believes the military services' counterintelligence
elements must work closely with the FBI with these concerns in mind, so as to
ensure a seamless, integrated capability and a consolidated FBI, DoD, and
defense industry network against economic espionage.


The Commission recommends that the Secretary of Defense direct
that comprehensive, coordinated threat analysis, intelligence, and
counterintelligence support be provided to facilitate risk management
for DoD critical technologies, systems, information, and facilities.


The  National  Disclosure  Policy 

The National Disclosure Policy (NDP), established under a Presidential
directive, provides the framework for approval or denial of disclosure of
classified military information to foreign governments and international
organizations. It also governs the export of classified military articles and
unclassified military articles with embedded classified components. The
Secretaries of the military departments have been delegated authority to render
decisions with respect to disclosure of their information to the governments of
most countries with which the United States has mutual defense
arrangements. In the case of other countries an exception to policy is usually
required. Exceptions to policy may be approved when it is determined that the
proposed export or disclosure will result in benefits to the US Government that
outweigh the damage that might accrue to US foreign policy, national
defense, or military operational interests if the system or its underlying
technology should be compromised.




The Commission notes that the National Disclosure Policy Committee
(NDPC), chaired by the DoD, coordinates foreign release policy and
government-to-government agreements. Exceptions to the National Disclosure
Policy receive senior-level review within the DoD as coordinated by the NDPC.
However, most routine release decisions are made by field elements under
authority delegated by the Secretaries of the military departments. This
decentralized execution leads to different interpretations as to what is
releasable within the broad outlines of the NDP and consequently, different
actual release decisions. Moreover, the Commission found that specific
senior-level review decisions have not always been communicated to the midlevel
acquisition or international program officials within the military services,
who over the years have made the day-to-day disclosure decisions under specific
data exchange agreements. A lack of understanding of the foreign disclosure
process by less-senior individuals, combined with the absence of current threat
assessments and an automated DoD data exchange process, prevents effective
and consistent execution by elements involved throughout the DoD and the
military services.


The Commission recommends that the Secretary of Defense:

a) Centralize responsibility for coordinating and overseeing all
foreign exchange programs and issues at a senior level.

b) Improve and modernize the National Disclosure Policy process
to ensure that senior-level disclosure decisions are readily
available through a centralized, dynamic, interactive computer-driven
mechanism.




Recording Foreign Disclosure Decisions

The Commission commends the DoD for creating the Foreign Disclosure
and Technical Information System (FORDTIS) data base to house decisions of
foreign release determinations and exceptions to foreign disclosure policy,
technology transfers, and official foreign visits. The Commission supports the
DoD's ongoing expansion of FORDTIS to military warfighting elements, such
as US combatant commanders, to aid in determining specific classified and
unclassified technologies or weapon systems that are releasable to foreign
coalition partners. However, the Commission believes that the critical foreign
exchange information contained in the FORDTIS data base should be updated
and made available to more DoD consumers to aid them in analyzing,
programming, and planning activities. Counterintelligence elements, in
particular, should use the FORDTIS data base in determining the current status
of releases of US technologies and systems.


The  Commission  recommends  that  the  Secretary  of  Defense: 

a) Expand access to the Foreign Disclosure and Technical Information
System (FORDTIS) data base to command and other DoD
consumers to support defense planning, programming, resourcing,
analysis, and information-sharing activities.

b) Ensure counterintelligence elements cross-check critical systems
or technologies against the Foreign Disclosure and Technical
Information System (FORDTIS) data base to determine:

1) the extent to which baseline technologies on each system have
been released to foreign nations, and;

2) the vulnerabilities posed to current or future weapons or weapons
support systems if exchanges continue under the applicable
Defense Development Exchange Program agreements.


Chapter 7.

A  Joint  Investigative  Service 




The Commission has examined the organizational arrangements in the
Department of Defense and the Intelligence Community for the performance
of personnel security background investigations and industrial security
functions. The Commission believes that the effectiveness of these activities
can be substantially improved by the establishment of a new joint investigative
service.


For the DoD, virtually all personnel security background investigations
for civilian, military and contractor personnel are conducted by the Defense
Investigative Service (DIS). In the Intelligence Community, personnel security
background investigations are conducted by the DIS for the DoD component,
including the NSA and the DIA. The CIA and the NRO have their own internal
organizations that conduct or contract out background investigations for
their employees and contractor personnel. The NSA also has an internal
investigative organization that performs a limited number of background
investigations.

The DIS also performs, for the DoD, all initial industrial facility
certifications which establish that a contractor facility is eligible to receive
classified information. The DIS then performs a full range of industrial
security functions, such as periodic inspections and assistance visits, for all
cleared facilities except for all Navy special access programs and for certain
Air Force special access programs. This contrasts with the Intelligence
Community's decentralized approach that emphasizes integration of security
with program management teams.

Personnel  Security  Investigations 

The Commission believes that one of the more effective means of reducing
overall personnel security costs, while enhancing the security posture of
our nation, would be to reorganize current investigative resources and
thoroughly modernize the process of gathering, investigating, reporting, and
storing background investigative information. A previous section of this report
outlined the substantial savings to be realized through improving the
timeliness of the investigative product. However, we also heard from the end
users that the investigative products they receive are uneven in quality and
completeness. Because of this, organizations often upscope investigations
completed by other investigative organizations, or otherwise invest in
additional types of vetting mediums, to establish greater confidence in their
personnel. For example, a major SAP contracts out investigations rather than
take advantage of "free" investigations provided by the DIS because of concerns
about quality and timeliness.

The Commission believes that establishing measurable objectives to
improve the timeliness and quality of investigations offers a solution to at
least part of the problem. However, the current deficiencies and impending
budget reductions cast doubt on improving the situation under the present
organizational structure. For example, the DIS faces a 25 percent budget
reduction over the next 4 years. Therefore, the Commission believes decisive
and innovative action must be taken to resolve these problems.

The Commission proposes forming a new joint personnel security
investigative organization for the DoD and the Intelligence Community. A new
organization is needed to: establish progressive leadership; realize savings in
manpower and personnel; maximize economies of scale; achieve commonality
of product; provide a single focus for implementing technological
improvements and efficiencies; and enhance professionalism and career
opportunities.

The new joint investigative service would be charged with conducting all
personnel security background investigations for military members, civilian
employees and contractors of the DoD, the CIA, the NRO, the NSA and all
other entities reporting to the Secretary of Defense and the Director of Central
Intelligence. The only exceptions to the investigative jurisdiction of the joint
investigative service should be: 1) investigations of cabinet officials and
political appointees currently performed by the FBI; 2) investigations of new
civilian employees hired into the DoD and the Intelligence Community who
occupy nonsensitive positions and, therefore, fall under the jurisdiction of the
OPM, and; 3) personnel specifically exempted by the Director of Central
Intelligence.

The Commission proposes that the joint investigative service be
established by incorporating the personnel security investigative elements and
resources of the DIS, the NSA, the NRO and the CIA. The Commission further
recommends that the joint investigative service be staffed with both full-time
investigators and rotational personnel from the security offices of the various
agencies that it serves. This would facilitate communication between the
investigative agency and its customers, and would provide government
security officers with an opportunity to gain valuable investigative experience.
The joint investigative service should also establish specific units to handle
individuals with cover considerations, reporting these investigations through
secure channels. Moreover, the joint investigative service would contract out
domestic investigations when appropriate, such as priority investigations,
and pursue overseas leads using in-place military and government resources
on a reimbursable basis. However, individual agencies would continue to
conduct their own special investigations, such as counterintelligence and
criminal investigations, and perform their own adjudications.

The Commission believes that the joint investigative service should be
industrially funded. The most efficient and customer responsive agencies are
those that operate on a fee-for-service basis. For example, the Commission
learned that until the OPM became industrially funded, it had a relatively
poor reputation for delivering a timely, quality investigative product. Since
instituting a revolving fund mechanism, the OPM has cut investigation times
dramatically, initiated many innovative automation linkages with customer
agencies, and, according to customers, improved the quality of its
investigations.




The Commission recommends that a joint investigative service be
established that performs all personnel security background investigations
on a fee-for-service basis for the DoD, the NSA, the NRO,
the CIA and other organizations that report to the Secretary of
Defense or the Director of Central Intelligence.




Industrial  Security 

With respect to industrial security, the Commission found two distinct
approaches to the protection of classified information by contractors:
centralized and decentralized. The CIA, the NRO, the NSA and some of the DoD
special access programs integrate security into program management. This
decentralized approach integrates small security elements into program
management teams with core security functions provided by a centralized service.
Security is part of the program management team and provides direct
support to organizational goals. The disadvantage of this approach is that it
has, in some cases, worked against standardization and reciprocity. Particular
SAP program offices have adopted their own security procedures. The centralized
approach embodied in the DIS seeks to leverage limited resources through
standardized practices and procedures, generally independent of specific
contracts or programs. Disadvantages of a centralized approach include
inflexibility, distance from the customer, lack of direct accountability, and a
system based on achieving security goals independent of organizational goals.

On balance, the Commission has found the programmatic approach to
industrial security to be superior to the traditional centralized approach of
frequent inspections to measure compliance with a detailed manual of
security rules. The program-oriented approach brings security closer to the
customer and provides greater flexibility to handle program issues. This
structure also makes security directly accountable for the quality and
timeliness of its service. Contractors appear to prefer the flexibility of a
programmatic approach, but insist that common standards are needed for
reciprocity.

The Commission believes that a core industrial security function located
within the joint investigative service would benefit the Defense and
Intelligence Communities. The new organization should be responsible for
initial facility clearances, for the previously recommended facility registration
data base, and for all determinations concerning foreign ownership, control and
influence (FOCI), as discussed earlier in chapter 6. The new organization
should provide an industrial security service to those Defense and
Intelligence Community program offices for which a joint industrial security
program is most effective. It would also provide this service to non-Defense and
Intelligence Community agencies, as the DIS has done in the past. It will
centralize, as a core service, the staff to provide accreditation of facilities,
technical and computer security expertise, guidance to handle treaty
inspections, central records, and representation to industry and government
forums. The new organization should promote standardization and responsiveness
to customers and coordinate the industrial security inspections previously
discussed in chapter 5. It should draw upon the experience of the industrial
security program of the NRO, which has made great progress in recent years
in combining a programmatic orientation with greater standardization.

The Commission emphasizes that the new organization must break with
the past practices which have tended to focus on frequent inspections for
compliance with a detailed regulatory manual. Industrial security should be a
service to the contract program office, with security performance measured in
terms of mission accomplishment rather than adherence to detailed security
rules. The joint investigative service should view its industrial security
functions as a service to be used where a joint organization is more efficient
and economical. The Commission does not intend to force into joint
organizations those program offices in the CIA, the NRO, the NSA and certain
SAPs that function better by maintaining their own industrial security
capabilities. The Secretary of Defense and the Director of Central Intelligence
will retain the discretion to authorize separate industrial security offices for
specific programs.


The  Commission  recognizes  that  this  decentralization  of  execution  of 
industrial  security  runs  a  risk  that  general  standards  will  not  be  applied  uni¬ 
formly.  Indeed,  a  major  disadvantage  of  the  separate  SAP  industrial  security 
programs  in  the  past  has  been  their  adoption  of  unique  security  procedures 
that  added  multiple  burdens  to  industry  which  translated  into  increased, 
unjustifiable  costs  to  the  government.  One  purpose  of  establishing  a  single 
classification level with two degrees of protection is to standardize the security
requirements for the controlled access programs. The security executive
committee should ensure that the standards are applied properly, and the
joint investigative service should provide a channel through which industry
may bring concerns to the attention of the security executive committee.


The  Commission  recommends  that  a  joint  investigative  service  per¬ 
form  industrial  security  services  of  common  concern  for  the 
Defense  and  Intelligence  Communities,  as  determined  by  the  secu¬ 
rity  executive  committee  and  in  accordance  with  a  programmatic, 
customer-service  approach. 



Establishment  of  a  Joint  Investigative  Service 

For  the  reasons  set  forth  above,  the  Commission  has  concluded  that  the 
Secretary of Defense and the Director of Central Intelligence should establish
a  joint  investigative  service  to  conduct  all  personnel  security  background 
investigations  and  updates  for  components  of  the  Department  of  Defense  and 
Intelligence  Community,  as  well  as  their  contractors,  and  to  perform  those 
industrial  security  functions  that  can  better  be  done  jointly.  The  advantages 
include economies of scale, greater commonality, more uniform implementation
of standards, and increased professionalism and career opportunities.

The  new  organization  should  draw  its  personnel  and  resources  from 
existing  security  organizations  in  the  Defense  Department  and  Intelligence 
Community.  It  should  take  its  policy  guidance  from  the  security  executive 
committee. While the Commission does not wish to prescribe the organizational
details for a joint investigative service, one model is the Central Imagery
Office (CIO). The Director of the CIO is appointed by the Secretary of
Defense on the recommendation of the Director of Central Intelligence. Consideration
should also be given to other joint DoD-DCI models that have been
adopted for different functions. The joint investigative service could report to
the Secretary of Defense and the Director of Central Intelligence directly or
through a senior official designated by them. Above all, the Commission
urges that the establishment and direction of the joint investigative service
receive  sustained,  high-level  attention,  which  has  not  been  the  case  with  the 
Defense  Investigative  Service  over  the  years. 


The  Commission  recommends  that  the  joint  investigative  service  be 
established  by  the  Secretary  of  Defense  and  the  Director  of  Central 
Intelligence,  that  its  resources  be  drawn  from  existing  security  orga¬ 
nizations,  and  that  it  report  jointly  to  the  Secretary  of  Defense  and 
the Director of Central Intelligence.

Chapter 8.

Information  Systems  Security 



Information systems security is the discipline that protects the confidentiality,
integrity and availability of classified and unclassified information created,
processed, stored and communicated on computers and networks. The
Commission believes it is imperative that the Defense and Intelligence Communities
focus more attention on information systems security. It, together
with personnel security, is one of two security disciplines that the Commission
believes needs more attention and recommends additional requirements
that will increase costs.

The  United  States  is  increasingly  dependent  on  information  systems  and 
networks.  Information  systems  control  the  basic  functions  of  the  nation's 
infrastructure,  including  the  air  traffic  control  system,  power  distribution  and 
utilities, phone system, stock exchanges, the Federal Reserve monetary transfer
system, credit and medical records, and a host of other services and activities.
The world of the future, within which our security policies and
procedures must succeed, will undoubtedly be characterized by even more
widespread use of computers, systems, and networks. It is already apparent
that increased connectivity leads to significant improvements in productivity,
improvements that are necessary if our society is to prosper and we are to
continue to lead the world's family of nations in economic, political, and military
strength. Initiatives like the National Information Infrastructure (NII),
intended to be an "information superhighway" for our nation's commerce
and government, are based on this emerging reality.

The Defense and Intelligence Communities share this imperative to connect,
both within and between the communities and to the NII. The Department
of Defense already depends upon computers and communications
networks in performing every aspect of its complex missions from command
and control, to acquisition of weapons systems, to managing and paying for
the worldwide activities of the department. This dependence will certainly
increase. The DoD envisions a worldwide, seamless web of computers and
networks, the Defense Information Infrastructure (DII), operating as a utility in
support of the Department's warfighting, intelligence, and business functions.

The CIA and other intelligence agencies are increasingly tying together
internal systems and are beginning to reach for connections beyond their
walls. The increased productivity that flows from such connectivity is essential
to success in this era of declining resources. Intelligence is, after all, information
and must flow in a form and at rates useful to those who need it. The
Commission believes that those who steadfastly resist connectivity will be
perceived as unresponsive and will ultimately be considered as offering little
value to their customers.

There is no doubt that increased connectivity creates greater vulnerability.
Electronic access to vast amounts of data and critical infrastructure control
is now possible from almost anywhere in the world. Networks are so complex
and so widespread that the identity of everyone with access to the networks
to  which  our  systems  are  connected  can  no  longer  be  known  with  any  assur¬ 
ance.  Moreover,  although  our  classified  data  is  obviously  of  great  interest  to 
our  enemies,  our  communities  depend  on  extensive  data  bases  of  unclassified 
information  that  if  destroyed  or  damaged  would  cost  billions  to  rebuild  and 
could  affect  our  ability  to  deploy  and  operate  a  flexible,  capable  force. 

Protecting  information  transactions  within  the  subinfrastructure  or  net¬ 
work  enclaves  controlled  by  the  DoD  and  the  Intelligence  Community 
requires  an  approach  to  security  in  which  information  systems  security  is  seen 
as  part  of  a  balanced  mix  that  also  includes  personnel  security,  physical  secu¬ 
rity  and  other  security  procedures.  Protecting  information  transfers  between 
our enclaves and the rest of the infrastructure where we cannot count on other
types  of  security  requires  a  more  stringent  form  of  information  systems  secu¬ 
rity.  In  addressing  these  issues,  the  Commission  examined  current  threat 
information  as  well  as  policies  and  procedures  now  in  place  to  protect  against 
such threats. The Commission found our policies outdated, our strategies for
obtaining  necessary  information  systems  security  technology  ineffective,  and 
our  general  readiness  in  terms  of  awareness  and  training  inadequate. 


The  Threat  to  Information  and  Information  Systems 

Thirty  years  ago,  computer  systems  presented  relatively  simple  security 
challenges. They were expensive, isolated in environmentally controlled facilities,
and their use was an arcane art understood by few. Consequently, protecting
them was relatively easy, a matter of controlling access to the
computer room and clearing the small number of specialists who needed such
access. As these systems evolved, their connectivity was extended, first by
remote terminals and eventually by local and wide-area networks.

As size and price came down, microprocessors began to appear in the
workplace, in homes, and eventually on the battlefield and embedded in
weapon systems. What was once a collection of separate systems is now best
understood as a single, multifaceted information infrastructure operated as a
utility.  To  cope  with  this  new  reality,  our  paradigm  for  managing  information 
security  must  also  shift  from  developing  security  for  each  individual  applica¬ 
tion,  system,  and  network  to  developing  security  for  subscribers  within  the 
worldwide  utility,  and  from  protecting  the  isolated  systems  we  own  to  pro¬ 
tecting  systems  that  are  connected  and  depend  upon  an  infrastructure  we  nei¬ 
ther  own  nor  control. 

Despite  the  enormous  impact  that  could  result  from  the  compromise  or 
destruction  of  our  information  systems,  the  Commission  believes  that  there  is 
little  public  understanding  of  the  threat  or  of  the  consequences  of  attacks  on 
our  systems.  One  high-level  official  suggested  that  until  there  is  a  major  infor¬ 
mation  systems  catastrophe,  appreciation  of  the  need  for  information  systems 
security  will  remain  weak.  Attacks  against  information  systems  are  becoming 
more  aggressive,  not  only  seeking  access  to  confidential  information,  but  also 
stealing  and  degrading  service  and  destroying  data. 



The well-publicized Michelangelo virus destroyed the information and
applications software on the hard disks of the unwary. In another example,
a small program appeared on computers connected to the Internet. This
program made copies of itself and sent the copies along to other computers
on the network. The copies made copies in turn and sent them along, and
the copies' copies made copies, and so on. In short order the network was so
busy creating and sending copies of the program that it couldn't do anything
else. Some of the computers were down for most of the following
week, and the business enterprises, academicians, and government and private
users were unable to use their computers for processing or to communicate
among themselves.

Networks are already recognized as a battlefield of the future. Information
weapons will attack and defend at electronic speeds using strategies and
tactics  yet  to  be  perfected.  This  technology  is  capable  of  deciding  the  out¬ 
comes  of  geopolitical  crises  without  the  firing  of  a  single  weapon.  Our  secu¬ 
rity  policies  and  processes  must  protect  our  ability  to  conduct  such  infowars 
while  denying  our  enemies  that  same  advantage. 

If,  instead  of  attacking  our  military  systems  and  data  bases,  an  enemy 
attacked  our  unprotected  civilian  infrastructure,  the  economic  and  other 
results  could  be  disastrous.  Over  95  percent  of  Defense  and  Intelligence  Com¬ 
munity  voice  and  data  traffic  uses  the  public  phone  system.  The  economic 
consequences alone of a successful attack on the phone system or the National
Information  Infrastructure  would  be  significant. 

The nine-hour failure of the AT&T public switch network in 1990,
although the result of a reliability failure and not a planned attack, demonstrated
how vulnerable we are. Of the 138 million long-distance and 800-number
calls attempted, some 70 million were rejected by the faulty system.
Many of those calls were business calls, and the failure to connect cost those
businesses directly due to orders not being placed and operations being
delayed or halted altogether. There were indirect costs as well due to
decreased efficiency and productivity. Airlines, hotels, and car rental companies
lost reservations. Phoned catalog orders were not placed. Service
companies could not support their customers.

The threat to our information and information systems is increasingly
sophisticated, and comes from both insiders and outsiders. While improving
the personnel security methods used to ascertain the trustworthiness of our
people will reduce the insider threat, personnel security measures alone cannot
be relied on to protect our information and information systems. Foreign
intelligence  services,  including  those  of  some  of  our  "allies,"  are  known  to  tar¬ 
get  US  information  systems  and  technologies,  using  techniques  that  can  give 
them  access  to  our  information  without  ever  coming  into  our  work  spaces  or 
approaching  our  people.  Some  trends  and  specific  incidents  help  indicate  the 
scope  of  the  information  systems  security  challenge: 

• Computer viruses are growing more common and more dangerous,
and may be virtually undetectable by conventional antiviral software. Trojan
horses, logic bombs and other malicious software are appearing on our systems,
and require improved countermeasures and careful security procedures
to defeat.

• Over 4,000 hacker attacks, ranging from attempted password cracking
to trying to obtain control of the system, were detected on one government
system during a single three month period. Some hackers advertise their services
for seeking any information, including classified or sensitive information.

• Eighty-five percent of computer crime is committed by insiders with
validated  access  to  the  systems  and  networks  they  abuse.  Before  being  fired 
from  a  private  firm,  a  disgruntled  employee  left  a  logic  bomb  in  the  com¬ 
pany's  personnel  system  that  destroyed  all  personnel  records.  Careless  insid¬ 
ers,  ignoring  security  procedures,  have  inadvertently  inserted  viruses  into 
DoD  and  Intelligence  Community  information  systems. 

• Increasingly cheaper and more powerful commercially available electronics
put signals intelligence intercept and processing capabilities within
the reach of the smallest countries and even drug traffickers. Targeting by signals
intelligence of facsimile and data communications on land-based and satellite
systems gives eavesdroppers access to international communications of
US businesses, personal telephone calls of US troops stationed overseas, computer
passwords, and other data.

Dated  Policies 

The Commission found a number of problems hindering the effectiveness
of  information  systems  security.  Problems  include  ineffectual  and  conflicting 
policies,  failed  strategies  for  obtaining  the  necessary  computer  security  tech¬ 
nology,  poor  mechanisms  for  obtaining  timely  threat  information,  inherent 
systems  vulnerabilities,  lack  of  effective  audit  data  reduction  techniques,  and 
accreditation  processes  that  are  far  too  slow.  The  Commission  also  believes 
that  there  is  a  need  to  improve  the  quality  and  number  of  information  systems 
security  professionals  and  to  increase  training  and  awareness  programs  for 
management and non-security personnel.

The  policies  and  standards  upon  which  the  Defense  and  Intelligence 
Communities  base  information  systems  security  services  were  developed 
when computers were physically and electronically isolated. As a result, policies
and standards:

• Are not suitable for the networked world of today, having been based
on  stand-alone  architectures  where  the  security  requirements  imposed  on  one 
system  had  little  or  no  impact  on  the  security  for  another  system. 

• Were developed based on a philosophy of complete risk avoidance and
so do not deal effectively with information systems security as part of a balanced
mix of security countermeasures in protecting the confidentiality, integrity
or availability of our information assets.

• Do not provide the flexibility needed to address the wide variations
among  systems  in  use  today  and  planned  for  tomorrow. 

• Do not differentiate between the security countermeasures needed
within and among protected network enclaves and those needed when information
must travel to and from less protected or unprotected parts of the
infrastructure.



• Are only beginning to combine computer science and public key cryptography
effectively to protect information.

• Are not capable of responding in a timely manner to dynamically
evolving  information  technology. 

The  Commission  also  found  a  profusion  of  policy  formulation  authorities 
all  of  whom  are  addressing  essentially  the  same  issues.  The  Community 
Counterintelligence  and  Security  Countermeasures  Office  (CCISCMO)  is 
responsible  to  the  Director  of  Central  Intelligence  for  information  systems 
security policy and standards for the Intelligence Community. The DoD intelligence
organizations must follow CCISCMO security policies, and all of the
DoD must follow the security regulations promulgated by its chains of command
up through the Office of the Secretary of Defense (OSD). The National
Security Telecommunications and Information Systems Security Committee
(NSTISSC) creates policies that overlap those of both the OSD and the
CCISCMO with regard to national security information and extends its policy
authority to other government departments and agencies not covered by DoD
or  DCI  policies.  The  Office  of  Management  and  Budget  casts  its  policies  over 
all  information  systems  security  activities  that  expend  tax  dollars.  The 
National  Institute  of  Standards  and  Technology  (NIST)  is  responsible  for  cre¬ 
ating  standards  for  the  protection  of  unclassified  but  sensitive  information.  A 
result  of  these  numerous  policy  authorities  has  been  policies  that,  although 
similar, differ sufficiently to create inefficiencies and to cause implementation
problems  when  organizations  must  coordinate  their  security  protocols  and 
procedures  in  order  to  interconnect. 


Failed  Strategies 

In addition to dated policies and inadequate standards, the strategy for
developing computer security software, hardware and other security technologies
has not served us well. This strategy has been to encourage the private
sector to design, develop, and manufacture products at their own expense. In
return, the government promised that it would require these products be used
in the systems and networks it acquired. However, the government did not
follow through and buy these products when they became available. One reason
is that the products suffered long delays awaiting government approval
and were consequently obsolete before being approved for use. In addition,
these products are often too expensive and lack functionality comparable to
state-of-the-art, nonsecure commercially available products. As a result, too
few computer security products are available today and even fewer are in use.

These problems with obtaining commercial computer security products
have been exacerbated by the government's failure to control and coordinate
its own R&D programs. With each agency free to pursue its own R&D initiatives,
some attractive lines of research have been neglected while there have
been duplications of effort and products produced that are not readily
interoperable with other computer security products. Moreover, research has
been focused almost exclusively on providing protection to classified information
and systems to the detriment of protecting unclassified information
and our infrastructure assets.


The New Information Systems Security Reality


To  meet  the  security  needs  of  connected  information  systems  using  an 
infrastructure not completely under our control, the Commission believes that
there  is  a  need  for  new  information  systems  security  policies  and  standards, 
new  strategies  for  obtaining  products,  a  more  focused  R&D  program,  and  a 
better understanding of information security threats and vulnerabilities. Security
requirements for evolving Defense and Intelligence Community information
systems include:

• Providing the ability to securely pass classified information over public
or open communication links or networks to authorized users.

• Resisting computer viruses and other malicious software, detecting
and controlling penetration of networks, systems, applications and data bases
by hackers, and surviving full scale infowar attacks.

• Ensuring the authenticity of electronic messages and preventing repudiation
of their receipt.

• Keeping confidentiality and integrity of medical files, payroll records,
and other sensitive but unclassified information.

• Protecting the privacy of personnel files and investigative dossiers as
required by law.

• Providing confidentiality of the identities of personnel in sensitive
assignments.

• Ensuring integrity in electronic payments to vendors and contractors.

• Ensuring the components of the information infrastructure are
designed for the rapid detection of malicious activities and for the ready restoration
of required services.

• Effectively managing and controlling access to information at any protection
level on a global basis.



Information Systems Security Policy for Tomorrow

The Commission believes that information systems security policy must
better address current and future electronic environments. The network architecture
of the future will comprise a seamless global web of unsecured electronic
highways linked together to provide a common infrastructure operated
as a utility. Subscribers will be a heterogeneous group of individuals and
organizations tied into the network to communicate with each other and to
obtain various services offered by some portion of the network. The Department
of Defense and the Intelligence Community also will be subscribers and
their networks will be subnets or "enclaves" within the larger infrastructure.
Subscribers will use common standards in supplying and obtaining services,
although security standards may vary from enclave to enclave. But security
standards must permit subscribers to benefit from authorized connectivity
and services provided by the infrastructure and other authorized subscribers.

The  new  policies  must  be  network  oriented,  recognizing  the  need  for 
coordination  and  cooperation  between  separate  organizations  and  enclaves 
connected via the infrastructure. Policies must be sufficiently flexible to cover
a  wide  range  of  systems  and  equipment.  They  must  take  into  account  threat, 
both  from  the  insider  and  the  outsider,  and  espouse  a  risk  management  phi¬ 
losophy  in  making  security  decisions.  And  given  the  knowledge  that  unclassi¬ 
fied  information  can  be  just  as  important  and  is  even  more  vulnerable  than 
classified  information,  the  new  policies,  strategies  and  standards  must  also 
ensure  its  protection.  Information  that  has  no  requirement  for  confidentiality 
may  still  require  protection  to  ensure  that  it  is  not  illicitly  modified  or 
destroyed  and  is  available  when  needed. 

To alleviate the overlap, redundancy, and conflicts inherent in the existing
policy  formulation  process,  responsibility  for  generating  the  new  policy  must 
be  given  to  a  centralized  security  executive  policy  committee  that  represents 
both  the  Department  of  Defense  and  the  Intelligence  Community.  Further¬ 
more, in developing the new policy, representatives from outside these communities
may need to be included to assure that a governmentwide
perspective will be used.


The Commission recommends that policy formulation for information
systems security be consolidated under a joint DoD/DCI security
executive committee, and that the committee oversee
development of a coherent network-oriented information systems
security policy for the Department of Defense and the Intelligence
Community that also could serve the entire government.


The  Investment  Strategy  for  Information  Systems  Security 

A  coherent  set  of  policies  is  of  no  use  if  effective  information  systems 
security  products  are  not  available  and  programs  can  not  be  implemented 
that  use  them.  Given  the  problems  with  the  current  strategies  and  programs, 
the  Commission  recommends  a  new  approach  based  on  a  well-considered 
investment  strategy  that  includes  a  more  focused  R&D  program.  It  must 
obtain  and  use  threat  and  vulnerability  information  in  managing  risk.  And 
finally,  it  must  result  in  a  more  robust,  efficient,  and  responsive  program  for 
applying  and  managing  information  systems  security  in  our  systems  and  net¬ 
works. 

A  new  investment  strategy  is  needed  to  ensure  that  products  are  avail¬ 
able  that  will  ensure  the  availability  and  integrity  of  both  classified  and 
unclassified  data.  Within  an  information  systems  enclave,  security  officials 
can rely on physical security to deny access to unauthorized users, personnel
security to provide some assurance that those who do have access are trustworthy,
and procedural security to manage access to and use of their subnets.
However, protection against the outsider threat where the enclave connects to
the outside infrastructure may require more stringent levels of protection.
There  must  be  assurance  that,  as  information  enters  and  leaves  the  enclave, 
highly protected data does not cross the boundary to lesser cleared subscribers
and that information can flow into the enclave from the outside infrastructure
without permitting access to unauthorized users or the introduction of
malicious  software. 

The new strategy also must identify capabilities and products that are
needed to permit implementation of systems and networks providing various
degrees of protection. Many in the private sector currently rely on insurance
to  protect  against  losses  to  hackers,  criminals,  and  malicious  software.  The 
Commission  expects  that  increased  awareness  of  the  economic  risks  inherent 
in  connecting  to  or  exchanging  data  with  the  information  infrastructure  will 
lead  to  an  understanding  that  it  is  cheaper  to  protect  information  assets  and 
information  systems  with  technology  than  with  insurance.  This  will,  in  turn, 
encourage the development of secure products by the private sector. Widespread
use of such products will bring the cost down, permitting security to
be used as a marketing discriminator as consumers will prefer secure products
to those without security so long as the difference in price is not great.
This  process  should  result  in  the  ready  availability  of  affordable  commercial 
off-the-shelf  information  systems  and  networks  offering  moderate  levels  of 
security  assurance.  However,  the  private  sector  is  not  expected  to  commer¬ 
cially  develop  those  security  products  with  the  very  high  levels  of  assurance 
essential  to  some  government  ^sterns  and  networks.  Accordingly,  the  new 
investment  strategy  must  provide  for  allocation  of  government  funding  to 
promote  the  development  of  high  assurance  products. 

Computer security exists today that is deemed sufficient to permit connectivity
within secure enclaves, as is the case at the CIA and the NSA. However,
these same security countermeasures may not be considered sufficient
when outside connections are established. Worse, interconnecting two secure
enclaves that use different protection features may result in the failure of the
security of both enclaves. Technology that would control information transfers
across enclave borders is on the drawing boards and in the labs, but has
not yet matured to a point where it can be used to protect connections
between enclaves responsible for highly sensitive data and the unprotected
infrastructure. Providing such technology at the earliest possible date must be
a high priority for the new investment strategy.

Adequate funding for information systems security is essential. In keeping
with the understanding that the information infrastructure is an essential
element of the national security structure, funds must be provided for the
development of the technology needed to secure the infrastructure, both
within secure enclaves and across the networks. Moreover, sufficient funding
must be included in the agencies' and departments' budgets to ensure that
program managers can buy computers, systems and networks that provide
the security needed to protect the confidentiality, integrity and availability of
information assets and information systems.

For the Department of Defense, the information infrastructure will be
managed by the Defense Information Systems Agency (DISA), which must
develop system and network security management capabilities as well as
audit and alarm capabilities. The DISA is ideally situated to perform these
functions and has created the Center for Information Systems Security to
ensure the successful performance of its security responsibilities. The Center,
although newly formed, has been doing an excellent job to date. Any necessary
high assurance technology for securing information and information systems
will be provided by the NSA. In reviewing the best practices of
government and industry, the Commission finds that an investment strategy
that allocates five to ten percent of the total cost of developing and operating
information systems and networks is appropriate and needed to ensure that
those systems and networks are available when needed and safe to use.
Smaller investments are inadequate to achieve acceptable levels of risk.
Larger investments are unrealistic given the expected budgetary environment
facing our communities.


The Commission recommends that the Secretary of Defense and the
Director of Central Intelligence develop an information systems
security investment strategy including an emphasis on commercial
production of computer security components at affordable costs.
The goal should be to use 5 to 10 percent of the costs of infrastructure
development and operations to ensure availability and the
confidentiality and integrity of our information assets.




Research and Development - A Need to Consolidate

As part of implementing the new information systems security strategy, a
carefully planned and well-managed research and development program is
required. Information systems technology is evolving much faster than
information systems security technology. The Defense and Intelligence Communities
must reassess, refocus and adequately fund our information systems
security research and development efforts to design and develop the highly
technical products needed if our countermeasures are to provide sufficient
defense to responsibly manage the risk to our information systems. However,
the Commission has observed that there is no communitywide focal point for
information systems security research and development. Each agency implements
the R&D activities needed for its own mission and, as a result, there
have been both duplication of effort and products made that are of very
limited use.

In addition, research in the DoD and Intelligence Communities has been
focused almost exclusively on providing solutions to protection of classified
assets. As discussed earlier, the threats are changing, and targets in the future
may well be found in the country's unclassified infrastructure: power grid
controls, transportation systems, the public switched networks, stock
exchanges, and Federal Reserve monetary transfer system.

A new emphasis on developing solutions for threats to the unclassified
infrastructure also is needed. The Commission believes that a communitywide
mechanism to determine priorities for information systems security
research and development of products is needed as part of the information
systems security investment strategy.

The Commission recommends that:

a)  Research  and  development  programs  be  given  high  priority  in 
creating  the  secure  products  which  the  DoD  and  the  Intelligence 
Community  need  for  protection  of  their  classified  and  unclassified 
information  networks  and  systems. 

b) The Secretary of Defense and the Director of Central Intelligence
assign the NSA as the executive agent for information systems
security research and development for both classified and
unclassified information for the Department of Defense and the
Intelligence Community.


Infrastructure  Security  Management 

Like other aspects of information systems security, the processes used to
assess the security of our computers, systems and networks must evolve.
With stand-alone systems, individual organizations not only own the information
that is created, stored, and processed on their systems, they also own
the systems themselves. In connected environments, information, resources,
and processes are shared. Our methods for assessing the security of and
deciding acceptable levels of risk must change. The existing processes are so
slow that products and systems are frequently obsolete before we are satisfied
that they are safe to use.

Infrastructure security managers must be able to detect when their networks
and connected systems are under attack and respond appropriately. If
necessary, it must be possible to perform triage and sever infected portions of
the network or systems to save unaffected portions of the infrastructure.
Hygiene measures must be implemented to prevent problems. Automated
tools and security management workstations must be developed and implemented
within our networks.

We must accommodate technology lifecycles and provide for variations
in the degrees of assurance required for differing applications and missions.
Automated tools that support security administration (such as automatic
monitoring and malicious code detection and eradication) and management
are badly needed and must be developed as part of the new strategy. Our
standards and processes should be compatible with international standards,
processes and protocols that influence the technical design of the worldwide
telecomputing infrastructure upon which our nation increasingly depends.

Auditing  Infrastructure  Utilization 

Even though we place a high degree of reliance on the trustworthiness of
cleared personnel given access to our systems, we must still be able to determine
if any portions of the infrastructure are being abused, either by insiders
or outsiders. This determination can be made by recording and analyzing the
information and control transactions that take place on the system, a process
called auditing or, if conducted in real time, monitoring. Through auditing
and monitoring, one can establish normal operating patterns, characterize
trends, detect aberrations, and identify unusual activities. If insiders or
outsiders are attempting to obtain, alter, or delete information to which they are
not entitled, make unauthorized connections to the networks, or penetrate
computer systems or applications, auditing and monitoring provides a means
to detect their activities.

However, despite the importance of auditing and monitoring, the
Defense and Intelligence Communities currently are unable to conduct these
activities effectively and efficiently. Too much data in too many forms is being
collected. One hour of collected audit data requires an average of six hours of
analysis for adequate review. Nor are audit capabilities user friendly. All too
often audit records are left unopened or the audit capabilities are never
activated. To increase our ability to detect unauthorized activity, the Defense and
Intelligence Communities must develop common auditing and monitoring
record formats and automated tools to assist in the reduction and analysis of
these records. A focal point is needed for this activity. The DISA is the logical
choice for executive agent. As the network manager for the DII, the DISA is
already involved in the identification of requirements and the development
and use of automated security analysis systems for networks.


The Commission recommends that the DISA be the executive agent
for the Department of Defense and the Intelligence Community for
development of operational security management tools for infrastructure
operations, including more powerful audit reduction
tools, automated tools for use in assessing the security of our networks
and connected systems, and improving security management
support technology.


Managing  the  Risk  to  Information  Systems 

The Commission believes that a central data base containing security-related
events should be established. This data base would support the analysis
of threats and vulnerabilities regarding information systems in the Defense
and Intelligence Communities and will be useful in helping to frame risk
management decisions. To ensure the most comprehensive information is
available to risk management decision makers, contributing threat and incident
information to the data base must be mandatory.

Because of the sensitivity of reporting vulnerabilities of, and attacks on,
information systems, the issue of whether to classify the data base is contentious.
If unclassified, it is feared that vulnerability information could be
accessed and used by hackers, foreign intelligence agents and others to gain a
better understanding of exploitable weaknesses. However, the use of a classified
data base places restrictions on dissemination that would prevent use of
vulnerability and threat information by those who need it to protect their
systems.




The Commission recommends that the Secretary of Defense and the
Director of Central Intelligence jointly establish and maintain an
information systems security threat and vulnerability data base.
The data base should be available to all Defense and Intelligence
Community organizations, including industry, and it must be mandatory
that Defense and Intelligence Community organizations
contribute all relevant information to it.


Emergency Response - The Need for Help

The Commission recommends that in addition to creating a threat and
vulnerability data base, a central organization be identified to have the
responsibility of working with system managers to prevent and protect
against attacks, to respond in a timely and effective manner if attacks occur,
and to alert others when a problem is recognized. Such a capability should
cooperate with the Computer Emergency Response Team (CERT) efforts now
underway in private industry and academia and with other government
agencies. The DoD has created the Automated Systems Security Incident Support
Team (ASSIST) Program at the Defense Information Systems Agency to
perform these functions. The Intelligence Community should support and
rely on the DISA's ASSIST program and we recommend establishing the Program
as executive agent for this function governmentwide.




The Commission recommends that the Secretary of Defense and
Director of Central Intelligence appoint the DISA's ASSIST program
as the executive agent for emergency response functions for
the DoD and the Intelligence Community.


Information  Systems  Security  Professionals 

The Commission's final recommendation deals with our most important
information systems security resource: people. The Commission recommends
creation of a professional corps to execute the information systems security
responsibilities. The Commission also recommends that a vigorous training
program be established to provide for the professionalization needed by the
local security professional while maintaining security consistency across our
networked environment in both government and industry. The national cryptologic
school is a good model for such professionalization training.

The information systems security problem is part of the larger security
training and professionalization considerations discussed elsewhere in this
report.

The Commission recommends the DoD and the Intelligence Community
establish an information systems security professional
development program as part of the overall development of security
professionals.

Chapter 9.

The  Cost  of  Security — 
An  Elusive  Target 




Understanding  Security  Costs 

The total cost of security is a complex interweaving of direct charges and
shared, hidden, and opportunity costs that cannot be captured by budget line
items or data calls alone. The numbers do not tell the whole story and by
themselves can be misleading. They do not account for the costs associated
with inefficiency, excessive levels of protection, or lost opportunities. The
Commission has tried to capture these less obvious costs, in addition to the
conventional ones, in its findings and recommendations in the belief that once
identified, security costs can be better managed.

On the basis of information gathered in recent industry studies and our
own analysis, it is clear that no one has a good handle on what security really
costs. Our accounting systems are not designed to collect security cost data
and do not provide the analytic tools necessary to support resource decision
making. The Commission discovered early the difficulty of isolating discretionary
or controllable security costs from those that are inherently part of the
cost of doing business. Virtually every concern, public or private, buys some
kind of security protection depending on the nature of the enterprise. To illustrate
this point, figure 6 depicts various levels of security as a function of what
is being protected. It shows how the classified world of security rests on a
substantial underpinning of security resources. Even if there were no classified
information or programs, there would still be basic security costs. We
would fence off certain areas, put security police on flight lines, put locks on
ammunition storage facilities and lock up expensive equipment. Figure 6 also
depicts what we see as a building-block approach to security countermeasures
in government and industry. The cost of doing business is represented
in the four lower boxes. Each successive block requires additional protection
and entails additional costs. The examples in each box are not all-inclusive but
merely illustrative of the types of information being protected within each
category.

Figure 6. Protection by Program Type

Costs  in  Black  and  White 

Security costs can vary widely depending on the classification or the sensitivity
of the work involved. The Commission has received some verifiable
data points that can be used to gauge security costs in unclassified programs,
acknowledged or collateral programs, and unacknowledged programs (especially
those that use cover):

• In unclassified programs, direct security costs typically fall within the
range of one-half to 1 percent of total operating costs (for government and
industry).

• In acknowledged or collateral programs, direct security costs range
from 1 percent to 3 percent of total operating costs.

• For unacknowledged programs, costs range considerably higher, from
3 percent to 10 percent of total operating costs. One SAP program manager
estimated security costs could be as high as 40 percent of total operating costs.
This estimate supports the widespread perception that SAP security costs can
be exorbitant compared to acknowledged collateral programs.

Visible  and  Invisible  Security  Costs 

The  cost  of  security  can  be  depicted  as  an  iceberg  having  four  facets.  Two 
of  the  facets  are  visible  and  therefore  more  or  less  quantifiable.  The  other  two 
are  hidden  below  the  waterline  and,  while  difficult  to  measure,  experience 
suggests  they  may  be  very  large  indeed. 

As shown in figure 7, the visible facets of the iceberg are made up of
direct and indirect security costs. Together they account for a small percent of
the iceberg. Direct costs are quantifiable charges such as labor, equipment and
facilities. More difficult to quantify, but still visible, are indirect costs that contractors
typically charge as overhead and general and administrative (G&A)
expenses. G&A and overhead charges are shared costs and may include, for
example, guards who cover several program facilities or corporate security
managers who service a number of programs.


Below the waterline are difficult to quantify and comparatively large hidden
costs, loosely defined as inefficiency and opportunity costs. The Commission
believes that attacking these kinds of costs can yield near-term savings
without degrading effectiveness:

As part of a contract to support a Special Access Program, a large defense
firm on the west coast must regularly visit a "sensitive" activity in the Boston
area. Based on the SAP security plan, which specifies that for cover reasons
the contractor must not be associated with the site, the SAP program
manager requires that contractor personnel traveling to Boston use circuitous
routes by stopping at an intermediate location to change planes.

Recently, another contractor needed to reassign 170 employees to work on a
DIA contract. Despite all of their employees' clearances being on record in
the Intelligence Community's 4C clearance data base, DIA required new
personal history statements from each person and readjudicated each case.
After six months, only 32 people had been processed.

With an eye toward the total cost of security, the Commission adopted the
following approach:

• Each of the subcommittees (threat, physical/technical, personnel, and
information systems security) attempted to identify costs and investigated
potential savings in its respective area.

• The staff reviewed cost data in the National Foreign Intelligence Program
(NFIP) and DoD budgets (excluding SAPs).

•  The  staff  reviewed  the  just-completed  final  report  of  the  NISP 
Resources  Working  Group,  "Capturing  Security  Costs  in  Industry,"  as  well  as 
other  recent  industry  cost  surveys. 

• The Commission held extensive discussions with industry (including
three well-attended roundtable meetings) in addition to meeting with professional
associations and public interest groups. We interviewed members of
Congress and their staff, senior public officials, and working-level security
officers in government and industry, all of whom addressed the security costs
of doing business.

"There's No Way To Know How
Much We're Spending on Security!"

This oft-heard declaration sums up the feeling of many managers, budget
examiners, and members of Congress alike. Frustration in the Congress over
the Intelligence Community's inability to justify its security expenditures in
terms of the changing threat led to a 0.5 percent reduction in the NFIP in FY
1993. There have been more recent calls for cost clarity and containment.
Representative David Skaggs authored language in the FY 1994 Intelligence
Authorization Act calling for the Director of Central Intelligence to report to
the Intelligence Committees by 31 March 1994 on the cost of classifying documents
and a plan for reducing classification-related costs. The Commission
believes that establishing a coherent system to capture security costs is crucial
to streamlining and cost reduction. While some progress is being made in the
NFIP, the DoD, and the NISP, these disparate efforts are not well coordinated
and are proceeding far too slowly to offer any hope that a uniform cost
accounting methodology is achievable in time to meaningfully capture any of
the Commission's cost-impacting recommendations.




The Commission recommends the creation of an ad hoc panel to create
a common approach and budget framework for defining and
tracking security costs in the DoD, the Intelligence Community, and
industry.


Work  to  Date  in  the  DoD 

The DoD has embarked on an ambitious effort to capture security costs
using Tactical Intelligence and Related Activities (TIARA) as a model. Under
the auspices of the Assistant Secretary of Defense, C3I, the Intelligence Programs
Support Group (IPSG) is at work on the so-called CI, SCM, and Related
Activities (CISARA) initiative, which attempts to aggregate security costs that
are not part of the NFIP. A new data base incorporating CISARA as well as
NFIP costs will make it possible to identify the cost of security throughout the
DoD's Major Force Programs.


Intelligence  Community  Efforts 

The Intelligence Community, under the auspices of the DCI's Community
Management Staff (CMS), launched a parallel effort to capture security costs
using methods compatible with the DoD's CISARA effort. For the first time,
Joint DoD-NFIP Program and Planning Guidance was issued for the FY 1995-99
program build. Included as a part of a Common Budget Framework for
programs in the Defense and Intelligence Communities were new security
cost categories for NFIP and DoD programmers to follow in building and displaying
resources allocated to security. In a follow-on directive signed by the
Deputy Director of Central Intelligence, program managers were informed of
the Commission's intent to use FY 1995 budget submissions as the primary
source of security resource data. Unfortunately, the Commission did not
receive usable resource data from all the NFIP programs. The data we did
receive are incomplete, inconsistent and not coherently integrated into
NFIP-wide cost estimates. As a consequence, the Commission has not been able to
do much more than glimpse at the big security cost picture in the NFIP. The
Commission's recommendation to create a uniform cost accounting methodology
and tracking system should bring about the accuracy, uniformity, and
responsiveness currently lacking in the Intelligence Community.

Capturing Security Costs in Industry

There is a commonly held perception in industry that industry has been
subjected to indiscriminate, inconsistent, and unnecessary security procedures
at costs not commensurate with the risk of compromise or level of
threat. The Commission concurs with the NISP's strategy to make security
more effective and economical in industry by identifying:

• Cost efficiencies resulting from the development and application of
baseline standards.

• Security standards for special activities or programs that exceed baseline
standards and are not linked to demonstrable threats.

• Resource impacts of proposed changes in security standards and policies
to aid risk-based decision-making.

Capturing security costs in government contracts is generally more difficult
than capturing the other security costs, because in industry security costs
are frequently carried as indirect charges. There is no separate requirement for
industry to report these costs to the government. The NISP tasked a working
group to develop a measurement tool to determine the cost of security in
both baseline and special programs standards and then to identify the most
feasible system for monitoring continued data collection.

The NISP's effort to develop cost metrics led to several broad-scope
industry surveys that tried to collect security cost data from government contracts.
These surveys have had limited success for two primary reasons. First,
they unsuccessfully attempted to capture indirect/imbedded costs, such as
employee time spent completing personnel security questionnaires, conducting
clearance determinations, and escorting visitors. Second, contractors are
not required to respond to a survey conducted by a Federal agency. Thus, data
calls are unlikely to yield a sufficient number of responses for a representative
sampling.

But the surveys have provided information, subsequently validated by
independent auditors, that helps size the problem:

• Of the total costs billed to security for both collateral and special programs,
60 to 80 percent is directly attributable to security labor (wages, salaries,
and benefits for security managers, document control personnel, guards,
and couriers).

• An additional 10 to 30 percent of total security costs are for facility and
equipment costs, including buildings, locks, alarms, and security containers.

• The remaining security costs are carried in overhead or G&A and not
identifiable as security costs per se.

• Between 10 to 20 percent of contractors doing classified work for the
government account for 60 to 80 percent of overall costs billed to security.

Since there are no common accounting practices for industrial security
costs, there are huge variances in cost tracking systems used by contractors.
The Commission believes that prescribing uniform accounting procedures for
industry would be unworkable and unreasonably costly. An independent
study by a government organization estimates that for its contractors alone,
total start-up costs for a security cost reporting/tracking system would be
about $12 million, with an annual recurring cost of about $8 million.

An alternative approach, offered by the NISP and endorsed by a consensus
of government and industry security experts, is to focus on direct security
labor and facility costs, since these categories constitute approximately 90 percent
of costs billed to security by industry. Moreover, these costs can be
extracted from contractors' existing accounting systems. Capturing the
remaining 10 percent, which is no less important but harder to define, can be
accomplished by sampling a small number of major defense firms to gauge
trends across the entire business base. This strategy effectively divides costs
traceable to security requirements into four categories:

• Routine security costs that would be incurred if there were no Federal
Government contracts.

• Visible security costs usually associated with collateral programs and
budgeted and controlled by the corporate security organization.

• Those contract-specific security costs for special activities and programs
that are under the direct control of program or contract managers.

• Those imbedded costs not identifiable as direct labor that are related to
security tasks and regulations and are accomplished by non-security employees
and not recorded as security costs.


There is a commonly held perception in industry that industry has been
subjected to indiscriminate, inconsistent, and unnecessary security procedures
at costs not commensurate with the risk of compromise or level of threat.


The Commission endorses the joint government and industry strategy
for capturing industrial security costs and recommends that this
strategy be incorporated within the new accounting and budget
framework for security.




Moving  Towards  Consistency 

Capturing security costs in the DoD, the NFIP and industry consistently
and at some reasonable level of detail is essential to baselining security
expenditures. Unless all three define costs in a manner that lends itself to
subsequent aggregation and analysis on similar program and budget cycles, it will
not serve the needs of policymakers and risk managers at all levels who have
to make sound security decisions in a resource-constrained environment.

Getting to the Bottom Line - The Payoff Is Long Term . . .

The Commission has made two types of cost-saving recommendations
that will directly reduce costs. First, we have suggested ways to lower
security costs (eliminating inefficiencies and excessive layers of protection)
without degrading the effectiveness of protection. Second, the Commission has
offered a number of specific proposals that will lessen the cost of security and
reduce levels of protection without jeopardizing security by managing risk.
Because our focus has been on systemic problems, the kind that appear below
the waterline on the iceberg graphic, there are a number of recommendations
where the cost-savings impact will be more gradual but nonetheless
significant over the long term. We have not been able to quantify the savings except
in very rough terms:

• Overhauling the classification system will have cost-beneficial impacts
on virtually every aspect of security. We will be able to integrate our
information architectures and exchange people and ideas more efficiently, while
protecting secrets effectively. Moreover, if we classify less and declassify more,
we will have to clear fewer people, buy fewer safes, and mount fewer guard
posts.

• The personnel security system can be streamlined by mandating
reciprocity, consolidating functions and encouraging automation. Long-term
savings will result from merging investigative organizations for the Defense and
Intelligence Communities, reducing investigative lag times, reducing the
scope of the SSBI, mandating reciprocity of adjudications, consolidating DoD
adjudicative centers, using industrial funding strategies for select security
functions, consolidating security forms and establishing a personnel security
questionnaire in electronic format.

• Revising physical security requirements will establish standards and
ensure reciprocity. Costs can be reduced by eliminating routine industrial
inspections, establishing a facility certification and registration system,
reducing domestic TEMPEST requirements, discontinuing routine TSCM
inspections, and maintaining central data bases for clearances for all of government
and industry.

• Introducing effective oversight and discipline into the security
communities through the creation of the security executive committee and its
supporting staff will reduce costs. So will streamlining the policy coordination
mechanism by consolidating several committees and their supporting
structures into one cohesive policy management structure.

• Taking full advantage of existing Defense and Intelligence Community
training expertise and facilities by pooling resources and coordinating
training initiatives is also a cost saver.

• Avoiding conflicting research and development programs will protect
critical efforts that track changes in foreign intelligence threats as well as
technology while freeing up resources for other priority needs.

. . . With Up-Front Costs in the Near Term

• Start-up costs for a new DoD-Intelligence Community badge system
are estimated at $3 million. However, the benefits of increased efficiency and
productivity savings suggest that the system could pay for itself in one year.

• Increasing our investment in information systems security will be
expensive in the short run. However, the consequences of a security
breakdown in this area are so critical and far-reaching, that committing additional
resources is only prudent.




The  Bottom  Line 

The Commission was not given a cost reduction target, and without
being able to define costs precisely, meeting one would have been nearly
impossible in any case. Nonetheless, the Commission believes that its
recommendations can lead to net long-term savings. Furthermore, we believe there
needs to be a sound resource strategy that:

• Links security countermeasures and costs to realistic threat
assessments and risks.

• Provides a financial blueprint to guide resource allocation and
establishes top-level policy direction and control over security expenditures.


The Commission recommends that the Secretary of Defense and the
Director of Central Intelligence develop a long-term resource
strategy for security.

Chapter 10.

Security  Awareness,  Training, 
and  Education 




The success of the Commission's recommendations to improve security
will depend in part on how well we can incorporate the concepts of risk
management, standardization, reciprocity, accountability and a service mentality
into the way we do business and into the fabric of the workforce. The security
education community has a critical role to play in this process. The
Commission is proposing a fundamental change in how we view and manage security.
The concepts espoused demand greater responsibility from each individual.
Management must be educated as to its responsibilities in the new
environment and provided the tools to apply risk management effectively.
Multidisciplinary security professionals will need to know the "why" as well as the
"how" of security in order to move away from a compliance or checklist
mentality toward a customer service philosophy. Employees will need to
understand their critical role and feel that they have a personal stake in identifying
and implementing the goals and objectives of their organization in protecting
its assets.


The  Present 

The Defense and Intelligence Communities each have extensive training
infrastructures in place focused primarily on their own needs. Interaction
with respect to curricula and access to courses and material is, at best,
informal among the various training facilities. Training criteria and requirements
also vary between agencies and departments resulting in uneven
performance levels of security officers. While the Commission recognizes the need
for agency and department specific training and criteria, these independent
efforts produce an inconsistent quality of training, result in a duplication of
effort, and reinforce the parochial interpretation and implementation of
national policy. The Commission has also found that despite the importance
of security awareness, training, and education programs, these programs tend
to be frequent and ready targets for budget cuts.

Training  for  the  Future 

The security system of the future will place greater demands on the entire
workforce, but especially on the security professionals. The focus on creative,
cost-effective solutions to security problems will require a thorough
understanding of both the spirit and the letter of security policies, practices, and
procedures. The security professionals will be asked to implement the
changes that we are proposing and to provide the expert input needed to
make risk management a viable reality. The expertise and energy that molded
the present security system must be harnessed and directed to meet the
challenges of the new security environment. The standardization of security
training programs and development of career development tracks are important
steps in this process and should be the primary goals of the training
community. Uniformity in the skills and knowledge taught security professionals is
needed not only to ensure the quality of work but also to foster a common
understanding and implementation of security policies and procedures. The
demonstrated need for reciprocity among government agencies and facilities
argues strongly for the creation of a career program structure with defined
levels of proficiency for security disciplines, professionalization criteria,
cross-discipline training, rotational assignments, and opportunities for
advancement.

As noted in the Information Systems Security Chapter of this report,
nowhere is the need for standardization and professionalization more apparent
than in information systems security. Because of a lack of qualified personnel
and a failure to provide adequate resources, many information systems
security tasks are not being performed adequately. Too often critical security
responsibilities are assigned as additional or ancillary duties. We have not
identified all of the missions and functions to be performed by information
systems security professionals and lack comprehensive, consistent training
for information systems security officers; security engineers charged with
developing secure systems, networks and security tools; and certifiers and
accreditors who can assure us that our networks operate securely.
Additionally, in technical areas like information systems security and TSCM, we
should provide cross training between the defensive and offensive sides so
that the lessons learned by one side can be of benefit to the other.

Building on the informal cooperation which already exists in some places,
a formal partnership between the Defense and Intelligence Communities
should be established to achieve these objectives and to realize cost
efficiencies. Such a partnership would be based on the joint use of training facilities,
the creation of common career fields and professionalization programs, and
the consolidation of training management functions into an executive agent
for security training. Working in cooperation with the agencies and
departments, the executive agent would:

• Identify and catalog Defense and Intelligence Community
requirements for security training and coordinate the development of courses to
meet the requirements.

• Centralize training resources, facilitate community-wide access to
existing training centers and products, and focus investment in training
technology.

• Implement curriculum review and instructor certification.

• Establish community course codes and create a central database of
available training.

• Develop security professionalization criteria.




The Commission recommends that an executive agent for security
training be appointed. This executive agent should standardize
security training, develop security professionalization criteria,
encourage joint use of training facilities, and emphasize the
development of information systems security training.


A focused effort is also needed to educate management as to its security
responsibilities and to teach principles of effective risk management and its
application to security countermeasures. As the insider is cited as the major
threat to the protection of information in government and industry today,
managers must know how to spot troubled employees, how to help them,
what resources are available, and how to use these resources to counter the
insider threat.

Sensitizing employees to the continuing need for security will be a
challenge in the post Cold War environment. Government and industry must
continue to be made aware of their responsibilities in protecting our nation's
assets. However, the Commission found that all too often security awareness
briefings, while a cost-effective way to reach the workforce, are viewed as
boring, irrelevant, and out-of-date. Presentations are often made in the same
manner regardless of whether the audience consists of new recruits or senior
management. Security awareness programs need to be tailored to the
audience and refocused to provide current, specific examples of the diverse and
multifaceted threats, emphasizing such topics as current counterintelligence
issues and information systems security.


The Commission recommends that an increased emphasis be placed
on developing and funding security education courses for
management and up-to-date security awareness programs.

Chapter 11.

A  Security  Architecture 
for  the  Future 




Throughout this report, we have identified problems that contribute to
the complexity and cost of the security system and proposed
recommendations for overcoming them. But as noted earlier, many of these problems are
merely symptoms, not causes. The Commission unanimously believes that
the fragmentation of the security policy structure is the prime cause of the
problems now associated with security policies, practices, and procedures
and that no substantive and long-term improvements can be achieved
without a unifying structure to provide leadership, focus, and direction to the
government security communities.

The  Present 

US Government security policies and practices have evolved in an ad hoc
manner over the last four decades. Security policy is enunciated in a collection
of documents (Executive Orders, National Security Decision Directives,
National Security Directives, Presidential Decision Directives, legislation, and
individual department or agency directives and orders) prepared at different
times, by different people, in response to different requirements and events,
not as part of a coherent planned effort. Additionally, the individual policy
documents have been developed through consensus, an approach that is not
only time consuming and slow to respond to change, but can also produce
unsatisfactory results. Policy is often weakened in order to achieve consensus.
As a result, the departments or agencies are allowed to ignore aspects of
policy which they do not support, as has happened with the SSBI mandated by
NSD 63, the new TEMPEST policy outlined in NSTISSI 7000, and the
elimination of the two person rule.

This piecemeal approach to security policy has led to a decentralized
policy structure in which multiple groups with different interests and authorities
work independently of one another. Figure 8 represents some of the Defense
and Intelligence Community groups that either have some role in the
formulation of security policy or influence the process. Many of these groups have
overlapping memberships and responsibilities, others operate in isolation,
but all exact a cost in terms of time, energy, and efficiency.

Figure 8. The Current Policy Structure

Each department or agency head is responsible for the appropriate
implementation of security policy within his or her own organization. This
decentralization presents its own unique set of challenges. The process is slow and
some people never seem to get the word. Multiple agency originated
implementation documents, while accommodating unique agency or department
needs, also allow ample opportunity for the introduction of subtle changes,
clarifications, reinterpretations, or additions that grow more pronounced with
each iteration and can subvert efforts to standardize or update security
policies and practices.

Oversight responsibility rests primarily with the department or agency
heads and their respective Inspectors General. Although the Director of
Central Intelligence has statutory authority for the protection of sources and
methods, no comparable authority exists within the Defense Department where the
Under Secretary of Defense (Policy), the Assistant Secretary of Defense
(Command, Control, Communications and Intelligence), the defense agencies,
services, and Joint and Unified Commands all have a responsibility for security
policy. In addition, there is no effective mechanism to look across government
to ensure that security policy is being implemented properly, if at all. Some
personnel interviewed in the Defense and Intelligence Communities believe
that there is, in fact, no penalty for noncompliance with security policy.

The  Future 

The problems inherent in this fragmented approach to security policy
argue strongly for the creation of a security policy structure capable of pulling
these disparate elements together and overcoming the bureaucracies'
traditional resistance to innovation and change. The Commission recommends the
establishment of a security executive committee to unify security policy
development; serve as a mechanism for coordination, dispute resolution,
evaluation, and oversight; and provide a focal point for Congressional and
public inquiries regarding security policy or its application. Individual
department heads would be able to request exceptions from general policies
for their departments if deemed necessary.




Figure  9.  The  Security  Executive  Committee 

In view of the national security responsibilities assigned to the
Department of Defense and the Director of Central Intelligence, we propose that the
Secretary of Defense, or his designee, and the Director of Central Intelligence
jointly chair the security executive committee. In recognition of the need to
view security from a national perspective, the other permanent members
would be the Deputy National Security Adviser, the Deputy Secretary of
State, the Deputy Secretary of Treasury, the Deputy Secretary of Energy, the
Deputy Secretary of Commerce, the Deputy Attorney General, the Chairman
of the Joint Chiefs of Staff, and the Director of OMB. Other departments or
agencies would be invited to attend committee meetings as required by the
subject under discussion. In the Commission's view, the security executive
committee should be established by the President under the auspices of the
National Security Council.

The security executive committee would be assisted by a security
advisory board composed of distinguished Americans who would provide a
nongovernment and public interest perspective to security policy. The board
would act as a barometer for the committee to ensure that security policy and
implementation is consistent with the overall goals of the government, such
as openness, cost effectiveness, and fairness.

A small permanent interagency staff would provide support for the
security executive committee as required. Our concept would be to focus the staff
on four functional areas: threat, policy development, implementation, and
oversight. We would anticipate that the staff would facilitate, track, and
expedite actions and would support whatever interagency committees and groups
might be required to ensure full community participation in the development
and coordination of security policy and to effect horizontal integration of the
individual security disciplines. The functions of existing staff structures, such
as the Information Security Oversight Office (ISOO), the National Security
Telecommunications and Information Systems Security Committee
(NSTISSC) Executive Secretariat, and elements of the Community
Counterintelligence and Security Countermeasures Office (CCISCMO) could be
consolidated as subcommittees or in the permanent staff in order to streamline the
structure and reinforce the concept of horizontal integration.

The security executive committee has a pivotal role in implementing the
changes that we are proposing and in achieving our vision for the future. If
created, it will facilitate the continuous and dynamic review of security
policies, practices, and procedures needed to propel the government security
communities into the new century. The scope and stature of its membership
will give greater prominence to security and will combine the government
security communities into a cohesive framework that can address the full
range of security issues. It will monitor implementation to ensure that it is
timely and consistent.

As  an  early  goal,  we  believe  the  committee  should  enunciate  a  cohesive 
national  level  strategy  for  security  which  lays  out  goals  and  objectives  and 
assigns  responsibilities  across  government.  The  national  scope  of  the  strategy 
would  ensure  consistency  and  reciprocity  among  departments  and  agencies 
and  recognize  that  security  is  a  governmentwide  responsibility. 


The Commission recommends the establishment of a national level
security policy committee to provide structure and coherence to US
Government security policy, practices and procedures. The
committee will:

1) Develop government security policy and standards.

2) Ensure long term and continuing implementation oversight.

3) Serve as an ombudsman to resolve disputes.

4) Monitor security resources expended and provide security
program guidance.

As a first step, the Commission recommends that the Secretary of
Defense and the Director of Central Intelligence immediately
establish a committee to fulfill these functions for the Defense and
Intelligence Communities.

Endnotes


1. The term "bigot" is said to have been coined during World War II, with
reference to the controls on information sent TO GIBRALTAR, or TOGIB,
reversed as BIGOT.

2. The Executive Order on classification allows Agency heads to create
Special Access Programs to control access distribution and protection of
particularly sensitive information. These include DoD Special Access
Programs (SAPs), the DCI's Sensitive Compartmented Information
Programs, and other information controlled by access lists. This includes CIA
human source and operational information and Joint Chiefs of Staff war
plans.

3. Acquisition programs for the protection of sensitive research,
development, test and evaluation, or procurement activities in support of sensitive
military and intelligence requirements.

Intelligence programs for the protection of planning sensitive intelligence
or counterintelligence operations or for the collection and exploitation of
intelligence.

Operations and Support programs for the protection of planning and
executing sensitive military operations or providing sensitive support to
non-DoD departments and agencies.

4. Acknowledged programs are those which are acknowledged to exist,
although the public may not be aware of the Special Access Program.
Details of the program are under special protective controls.

Unacknowledged programs are those of which the mere existence of the
Special Access Program is protected from all within government and
industry who have not been determined to have a need-to-know.
Knowledge of the existence of the program could endanger its success.

5. The current sentencing guidelines illustrate this confusion. The guidelines
are based on the assumption, codified in the executive order on classified
information, that the disclosure of Top Secret information will cause
greater damage than the disclosure of Secret information. Under the
existing guidelines a person will receive a more severe sentence for disclosing
Top Secret than for disclosing Secret information. However, information
protected as Secret SAP is often much more sensitive than "collateral" (i.e.
non-SAP) Top Secret. Thus, the current sentencing guidelines could result
in a person receiving a lighter sentence than is justified by the harm caused
by the disclosure. The sentencing guidelines must be rewritten to reflect
the classification system recommended by the Commission.

6. WNINTEL: Warning Notice-Intelligence Sources and Methods Involved

ORCON: Dissemination and Extraction of Information Controlled by
Originator

NOFORN: Not Releasable to Foreign Nationals

REL: Authorized for Release to (Name of country(ies) or international
organization).

7. NOCONTRACT: Not Releasable to Contractors or Consultants

PROPIN: Caution-Proprietary Information Involved

8.  Commissioner  Lapham's  remarks  on  secrecy  agreements  are  contained  in 
Appendix  A. 

9. It is not clear how many pages of information are involved. Some of these
documents may consist of one or two pages, others may be much longer
documents. This is important because the Department of Defense (DoD)
and the Central Intelligence Agency (CIA), which together account for
between 84 to 87 percent of those classification actions, report that an
experienced reviewer is able to review approximately 200 pages of classified
documents per day. (We are informed by DoD that during its review of
MIA/POW documents an experienced reviewer was able to review about
200 pages of material per day, but that the average rate of declassification
could be as low as 75 to 100 pages per person per day.) Based upon this
data we estimate that an experienced reviewer, working an average of 240
days per year and reviewing an average of 200 pages per day could review
48,000 pages per year. Assuming an average of three pages per document
or 18 million pages per year, it would require 375 reviewers to review a
single year's product. Assuming an average grade of GS12 (about $43,000
per year), this review would cost in excess of $16 million in direct salary
costs. This does not take into account the additional administrative costs,
for example, of finding the documents and all of the copies. Moreover,
creating a governmentwide computer data base and entering all classification
and declassification decisions will be a difficult and expensive
undertaking.

10. 1993 Status Report on the Implementation of National Security Directive
47.

11. PERSEREC has proposed that the NAC be expanded to include all current
NAC inquiries plus checks of other national automated databases. For
example, the Title 31 data base maintained by the Treasury Department
contains information on large and/or suspicious currency transactions
that merchants and individuals are required to file with Treasury. These
publicly available databases can provide investigators with leads concerning
unexplained affluence and/or an important counterintelligence indicator
that can be difficult to detect through traditional credit checks. Searches
of these databases also can be automated such that investigators are
notified only when certain thresholds are reached.

12. Based on OPM figures.

13. Commissioner Chayes's supplemental view on procedural safeguards is
contained in Appendix B.

14.  Commissioner  Lapham's  remarks  on  the  polygraph  are  contained  in 
Appendix  C. 

15. "Polygraph" is Greek for "many writings," reflecting the multiple
readings that are recorded simultaneously. The instrument-which was
basically developed by 1949-measures physiological changes in response to
questions.

16. NRO and CIA have approximately 40,000 contractors who have access and
who have never been polygraphed.

17.  The  goals  of  the  program  are  to: 

(a) provide an arsenal of valid and reliable security and applicant
screening tests based on scientific evaluation of existing tests in comparison
with new tests;

(b)  eliminate  privacy-invading  or  personally  offensive  control  questions; 

(c)  evaluate  a  variety  of  sensors,  transducers,  and  recording  devices  to 
establish  the  most  effective  and  noninvasive  physiological  data  collection 
systems; 

(d)  develop  algorithms  that  provide  valid  and  reliable  diagnostic  results 
for  each  screening  test  that  meets  acceptable  levels  of  validity; 

(e)  develop  countermeasure  detection  algorithms  for  all  screening  tests; 

(f)  evaluate  the  effectiveness  and  utility  of  applicant  screening  tests; 

(g)  determine  the  deterrent  effects  of  the  screening  polygraph; 

(h) develop other tools for detecting deception that could be used in
conjunction with or in place of the polygraph.

18.  National  Operations  Security  Doctrine,  Interagency  OPSEC  Support  Staff; 
January  1993. 

19.  Membership  currently  consists  of  representatives  from  the  DoE,  CIA, 
NSA,  GSA,  FBI,  and  the  Secret  Service. 

20.  The  training  of  over  2200  government  employees  occurred  from  1991  to 
1993. 

21. Examples include voting trusts, proxies, special security agreements, board
resolutions, and reciprocal agreements.

22. The Exon-Florio Amendment, Section 5021 of the Omnibus Trade and
Competitiveness Act of 1988 (Pub. L. 100-418), enacted August 23, 1988,
permits the President to halt or reverse the acquisition of a US business by
a foreign firm if he believes it would harm national security in a manner
not adequately addressed by other federal laws. Executive Order No.
11858, as amended, 54 Fed. Reg. 779 (Dec. 28, 1988), delegates to the
Interagency Committee on Foreign Investment in the United States (CFIUS) the
authority to determine when a proposed transaction warrants review,
investigations, and to submit recommendations to approve, limit, or halt
transactions.

23. DoD Instruction 2015.4, dated 5 Nov 63, established the DoD Mutual
Weapons Development Data Exchange Program and the Defense
Development Exchange Program. Cooperative efforts expanded in 1976 with the
creation of the International Professional Scientist and Engineer Program,
followed by the Personnel Exchange Program.

24. A two-year US Army study of the Defense Data Exchange Program found
that foreign governments successfully used a variety of overt and covert
collection methods to gain access to prohibited (non-releasable) classified
and unclassified technologies, weapons systems, and programs.

25. The NDP establishes criteria and conditions that implement the security
requirements contained in the Arms Export Control Act (AECA) and
Executive Order 12356.

26. The terms "white" and "black" are also used to describe acknowledged
and unacknowledged programs respectively. Although there is no standard
definition of these terms in the security lexicon, in its broadest sense,
"black" refers not only to the aspect of covertness/clandestinity of a
program but also to SAPs and other special activities that impose
need-to-know or access controls beyond those normally provided for Top Secret,
Secret, and Confidential information. Because these terms are not clearly
defined and could be considered offensive to some, the Commission
encourages the use of the terms "acknowledged" and "unacknowledged."

27. "Resource Estimates for Counterintelligence and Security
Countermeasures," a study prepared for the Deputy Assistant Secretary of Defense,
C3I (CI & SCM) by the Institute for Defense Analysis, September 1992
(updated December 1993)

28. "Capturing Security Costs in Industry: Final Report of the National
Industrial Security Program Resources Working Group," December 1993.

Appendix A.

Statement  of  Commissioner  Lapham 
on  Secrecy  Agreements 


If this recommendation is adopted, it will inevitably gut the secrecy
agreement that is currently required as a condition of CIA employment. The
report suggests that the broad-form prepublication review provision
contained in this agreement has no value, because the malicious will disregard it
anyway and the conscientious can safely be held to a less broad requirement.

I do not believe that the historical record supports this suggestion, and I am
mindful of the fact that DCIs have repeatedly affirmed, with reference to the
current agreement or its predecessors, that the broad-form prepublication
review provision is vital to the protection of intelligence sources and methods.

I do not believe that this recommendation should be adopted, if at all,
without a much fuller accounting of the benefits that have been realized as a
result of the obligations imposed by the CIA secrecy agreement, and the risks
that would ensue if that agreement were to be modified in accordance with
the recommendation.

Appendix B.

Statement  of  Commissioner  Chayes 
on  Procedural  Safeguards 


I support the conclusion, reached in the main text, that the procedural
safeguards available to military personnel and DoD civilians facing denial or
revocation of security clearances should be the same. I would go further,
however, in urging that different treatment for DoD government and contractor
personnel also be eliminated. Elementary fairness requires that we provide
uniform treatment for both classes of people.

Reaching this state of affairs requires that we bridge the gap between the
two sets of procedures currently in place. For many of the reasons stated in
the main text, the formal trial-like procedures, using the Federal Rules of
Evidence as a guide, and available to anyone who requests it, whether or not
there are any factual disputes that need to be resolved, represents procedural
overkill. And while the process is perhaps more expensive, and time and
labor intensive than necessary at the front end, it is less generous than it ought
to be at the appeals stage.

A common set of procedures for both government and contractor
personnel should require provision of a full and complete statement of the reasons
for the proposed denial or revocation and a clear statement about the right to
counsel at all stages of an appeal.

Appeal of the denial of an initial clearance should be decided upon a
written response without an oral hearing. Broader rights should be provided
in cases involving the revocation of a clearance or the denial of a higher
clearance. In these cases, so long as the person claims there is a factual dispute,
there should be the right to an informal hearing before a hearing officer who
neither has any involvement in the issue nor is within the chain of command
of those responsible for the clearance adjudication. The hearing should
resemble an informal arbitration, with a transcript and the right to call and examine
witnesses. The Federal Rules of Evidence should not be used and the process
should be expected to take one day or less.

A second, written appeal should be available in all cases. A board
established to review these appeals should not be limited to strict scope-of-review
limits but should be free to take a fresh look at the case in reaching its
decision.

Appendix C.

Statement  of  Commissioner  Lapham 
on  Polygraph 


The Commission struggled hard to reach a consensus on issues relating to
polygraph testing for personnel screening purposes. In the end, however, I
decided to go my own way on these issues, and to prepare this separate
statement of my views. I did so not because I disagree with all of the Commission's
recommendations and conclusions-indeed, there are a number with which I
agree-but mainly because I do not believe that the report contains an
adequate or well-reasoned analysis of the issues, and because I believe that
shortcoming impeaches even those recommendations and conclusions with which
I do agree.

Polygraph testing is an obviously invasive procedure, the more so in
screening contexts than in other applications. In the more typical setting there
is a single factual issue that needs to be resolved, or some single event that is
known to have happened and that is under investigation. Therefore the scope
of the test is apt to be narrow, as is the class of persons who may have some
relevant information to provide. Screening polygraphs have no such natural
limits. Almost by definition they affect larger classes of persons and sweep
more widely for information. The goal is not to find out the truth about some
event that is known to have happened, but rather to find out about the
background and personal history of the person being examined. Given that
purpose, multiple topics are within the field of inquiry, and the questions may
range across an entire lifetime or a substantial period of years and may begin
for example with the words "have you ever" or "within the last five years
have you ever." The breadth of the inquiry is one reason why privacy interests
are so deeply implicated by screening polygraphs, and especially by the
full-scope tests that include the so-called "lifestyle questions."

There is also the matter of the surroundings in which the tests are
conducted. The atmosphere is clinical. The chair is no more appealing than a
dentist's chair. The technology is apt to be mysterious, and only one of the three
machine-to-body connectors, the blood pressure cuff, is apt to be familiar.
There is an underlying premise that something about to be said, or already
said in a personal history statement, may be a lie. The examiner is a stranger,
and the entire session, including the pretest interview and any posttest
questioning, is being tape-recorded or videotaped and is destined to become a
government record. Those circumstances are almost bound to make the test
an unnerving and intimidating experience, even apart from the extent to
which the questioning encroaches on privacy zones.

Privacy interests, however, are not the same thing as legitimate
expectations of privacy. At least as I see it, any analysis of the polygraph procedure,
like any analysis of other invasive techniques that are used to screen
government personnel, such as drug-testing programs in which urine samples are
required to be given, must involve a balancing of such privacy expectations
against the governmental interests that are at stake, and ultimately a
determination as to whether the procedure is reasonable. My personal conclusion is
that the procedure is reasonable. At least implicitly the Commission reached
the same conclusion, but I get there by a different route.

Governmental  interests  and  individual  privacy  expectations 

At a threshold level, the analysis is pretty simple, and the balance is
clearly in favor of the government. Not long ago, in 1988, the Supreme Court
said that the nation's security depends in large measure on the reliability and
trustworthiness of CIA employees. That remark could just as well have been
made with respect to others who occupy positions involving access to highly
classified information. The self-evident point here is that the government has
a compelling interest in assuring itself that such persons meet high standards.
That interest necessitates a screening process. Individuals who seek
intelligence agency positions, or other positions of equal trust, have every reason to
understand and expect that such a process will be conducted, and that it will
include a searching inquiry into their personal backgrounds. To be sure, there
is room for disagreement about the appropriate scope of such inquiries, and
as to the categories of information that are truly germane to the reliability and
trustworthiness determinations that need to be made. In my opinion,
however, so long as the inquiries stay within rational bounds and are carried out
by lawful means, and with the consent of the persons affected, those persons
can have no valid objections based on legitimate expectations of privacy.

Where the screening process entails a polygraph test, whether as a
condition of initial or continued employment or as a condition of access, that fact is
made known in advance, as are the topics to be covered. A decision to submit
to the test is a matter of choice, requiring a voluntary consent by the person to
be examined. In some cases that choice may be personally difficult, but then it
is not the government's responsibility to make the screening process easy or
painless. Nor can hard or difficult choices be equated with compulsion. A
refusal to take a polygraph may have negative consequences, as for example
the loss of a job opportunity at CIA or NSA, and there may be strong
pressures to avoid those consequences, but this does not mean that a decision to
take the test is forced or involuntary. While there are distinctions that can be
made here between initial applicants for employment and persons who are
already embarked on government or industry careers, and for whom
therefore the pressures are undoubtedly greater, these distinctions are to some
extent accommodated by the different test formats that are used and in any
event it is still true that the tests are known-in-advance requirements, are
conducted on a consensual basis, and not inconsistent with any fair expectations
of privacy.

The  relevance  of  the  questions 

However compelling the government's interest, the intentional collection
of personal information unrelated to that interest, especially by invasive
techniques, is not defensible. The issue here is therefore whether a rational link
exists between the kinds of conduct that are probed by the "relevant"
polygraph questions and the reliability and trustworthiness determinations that
the government must make. In other words, the issue is whether these
questions are "relevant" not just because they are so denominated in a polygraph
test, but because they are tied to conduct about which the government has
legitimate reason to be concerned and to inquire.

My own belief on this score is that, as the tests are currently structured, in
both the full-scope format and the counterintelligence-scope format, all the
relevant questions in the line-up deal with matters that are proper subjects of
inquiry. Most of the controversy surrounds the so-called "lifestyle questions,"
which is the term commonly used to describe some of the questions that are
asked when the test is given in the full-scope format, as it is to all applicants,
for CIA and NSA employment.

I view the term "lifestyle questions" as an unfortunate misnomer. The
flavor of the term is that these questions have only to do with personal matters
that are none of the government's business. In fact, however, the questions
deal with such matters as prior criminal conduct, illicit drug use, alcohol
abuse, and any history of serious financial or mental health problems. These
same subjects are matters of inquiry on personal history statement forms and
associated forms, and during background investigations. If they were judged
to be irrelevant, they should be declared out of bounds on all these fronts, not
just on the polygraph front. As I see it, however, all these subjects can readily
be linked to reliability and trustworthiness concerns, and to established
adjudicative criteria. Indeed it is hard for me to imagine a credible screening
process in which these subjects were not pursued.

At the same time, it is my opinion that some of the relevant questions,
including some of the "lifestyle questions," as currently approved for use in
screening polygraphs, are overly general and too broadly worded. As a
consequence, as these questions are discussed between the examiner and the
person to be examined during the pre-test interview, there is a high likelihood
that personal information will be elicited, perhaps embarrassing information,
that could have no value in any adjudicative decision. I would therefore favor
an effort to rework some of the questions, so that they would have a sharper
and more narrow focus at the outset, and so that there would be a lesser
chance of eliciting irrelevant personal information. I would also like to see it
become an explicit objective of polygraph examiners to minimize the
incidental "take" of such irrelevant information. I believe these steps would shorten
the tests, make them less intrusive, and reduce the number of retests that need
to be given, all without any offsetting disadvantage.

Utility 

I agree with the Commission's finding that polygraph testing has high
utility as a personnel screening tool. The utility evidence is varied. It consists
partly of data showing that large numbers of significant admissions are made
during the interview phase of the procedure that takes place before the
polygraph machine is ever activated and during the questioning that may follow
after the machine is deactivated. There are also less tangible but nevertheless
important utility considerations having to do with the deterrent effects of the
procedure in relation to both applicants and employees, with the mutual trust
engendered among employees by their common polygraph experience, and
with the fact that the procedure is seen as eliminating the need for other
personally invasive security safeguards, as for example random drug testing
programs.

Without exception, the senior agency officials consulted by the
Commission, having direct responsibility for polygraph screening programs, gave it as
their opinion that these programs were the single most useful screening tool
at their disposal, and were the linchpin of their personnel security efforts.
Granting that these opinions hardly come from neutral sources, they are still
worthy of respect and are made all the more significant when considered in
the light of the Commission's recognition that personnel security is the most
vital ingredient in any security system.


Validity 

The question that lurks behind the utility evidence, particularly insofar as
it consists of data showing success in the elicitation of admissions, is whether
the procedure is otherwise a sham, and succeeds only because it is
orchestrated in such a way as to make it appear to persons being examined that they
have only two choices, one being to make admissions assuming they have
something to admit and the other being to practice deception and be detected.
In other words, as I see it, the fundamental validity issue is whether the
promise of detection is an empty threat, and therefore whether the whole
procedure is a trick, or whether within some range of probability the procedure can
actually distinguish a true answer from a false answer. By endorsing various
expert pronouncements that "The scientific validity of the polygraph [when
used for personnel security purposes] is yet to be established," the
Commission appears to come down on the first side of this issue. As a consequence,
when it goes on to recommend that polygraph screening programs be
continued with certain modifications, the report apparently adopts the position that,
even though the procedure employed by these programs is or may be invalid,
the programs should be maintained in any event because they are useful. If
the lack-of-validity premise of that position is accepted, the programs are
likely to be discontinued despite their utility.

I am not so ready as the Commission to write off screening polygraphs as
lacking in scientific validity, in part because the Commission never explains
what it means by that term, and even if I were ready to do so, I still would not
quickly jump ahead to the separate conclusion that polygraph testing has no
validity as a personnel screening tool. What follows is my own non-expert
conception of the problem.

A polygraph machine monitors, usually on three channels, physiological
reactions that are produced by persons as they respond to questions that can
only be answered yes or no. The reactions show up as tracings on charts. The
machine is not difficult to operate. There is no real dispute that it does what it
is designed to do-which again is only to monitor physiological reactions and
make them visible in the form of chart tracings-and that it does so
accurately.

The validity problem arises not because the machine is fallible but rather
because it requires an inference to derive some meaning from the charts, and
because there are numerous important variables that bear on the correctness
and strength of such an inference, the theoretical basis for which may itself be
open to debate.

As the Commission notes in its report, there is no physiological reaction
or combination of reactions that is known to be a unique earmark of lying or
deception. In isolation, therefore, any reaction or set of reactions to any one
question is meaningless. So, for example, if I were placed on a polygraph
machine and asked only the single question whether I was an agent of the
foreign intelligence service of country X, and the truth was yes but my answer
was no, the best polygraph examiner in the business could not make heads or
tails of my physiological reactions to that question. It is only in relation to my
reactions to other questions that the examiner could begin to make sense out
of my reactions to the key "are you an agent" question, and have some basis
for an inference that my answer to that question was false. That inference
would proceed on the theory that I would have a heightened concern about
the key question and therefore react more strongly to that question than to
others that were asked for the purpose of eliciting reactions that could serve
as points of comparison.

All polygraph tests rely on this essential theory. The charts are diagnosed,
or scored, and inferences thus drawn in favor of or against the persons being
examined, by comparing the reactions to the relevant questions with the
reactions to other questions. Different polygraph examiners, including CIA and
NSA examiners, use different examination techniques, and different types of
questions to elicit the reactions that are then compared with the reactions to
the relevant questions in order to score the test. Each of the different methods
has its champions, but nobody has ever discovered the magic formula. No
matter which technique is used, no matter how skilled the examiner, and no
matter what scoring system is applied, the resulting diagnosis may still be
mistaken. If a truthful person is diagnosed as deceptive, the mistake is known
as a "false positive." If a deceptive person is diagnosed as truthful, the
mistake is known as a "false negative."

The accuracy and error rates of screening polygraphs are at best very
difficult to estimate. The same is true in non-screening contexts, except in
validity studies where mock crimes or some similar events are staged and the tests
are then conducted in laboratory conditions, allowing the variables to be
controlled. In such studies the guilt or innocence of the role-playing characters is
known, although not to the polygraph examiner, and there is accordingly a
stone tablet-a record of what is known in the business as "ground truth"-
against which the examiner's conclusions can be crosschecked. Such tablets
don't exist outside the laboratory, and even where they do exist, there is apt to
be heated debate among experts about the design of the studies and about the
extent to which their findings can be generalized.

None of this, however, leads me to believe that the use of polygraph
testing for screening purposes is an unreasonable procedure. To say that
polygraphy may not be an exact science is not at all to say that polygraphers cannot
reach credible and reasoned opinions, let alone that such opinions can be
dismissed as wild guesses. We are not dealing here with a procedure in which an
examiner simply hooks up a machine, looks at the charts, and delivers a
verdict. We are dealing instead with a much more careful procedure, one in
which both the relevant and other questions are previewed and discussed
with the person to be examined, and in which the examiner then seeks to
adjust the relevant questions so as to eliminate possible causes of high-stress
reactions not attributable to deception. We are also dealing with a procedure
in which equally careful efforts are made, following a run on the machine that
does not produce a "clear chart," to again eliminate, by further adjustments in
the relevant questions, any high-stress reactions to those questions that could
have causes or explanations other than deception. At the end of the
procedure, if the high-stress reactions remain, there at a minimum is a rational basis
for an inference that deception is the most probable cause of those reactions.

Where the Commission's report goes wrong, it seems to me, is in its
apparent  suggestion  that  the  validity  of  polygraph  testing  is  an  all-or-nothing 
proposition.  The  sense  of  the  report  is  that  one  or  another  of  two  propositions 
must  be  accepted— either  the  procedure  is  able  to  distinguish  truth  from 
deception  with  scientific  accuracy,  or  it  isn’t  able  to  distinguish  anything  at  all. 

If matters were this simple, the policy choices would be far easier than in
fact they are. If polygraph testing produced results that were no better than
random chance, say no better than the results that could be obtained by
flipping coins, the arguments against it would be much stronger and might even
be overwhelming, despite the utility evidence and the government's
compelling interest in conducting an effective screening process. On the other hand,
if polygraph testing results had the same degree of certainty as, say, the
results of the testing of urine or blood samples, the arguments in favor of it
would be much stronger, although for different reasons the technique would
still be controversial. As it is, however, at least in my opinion, the reality is
somewhere in between, probably much closer to the high end of the scale than
to the coin-toss end but nevertheless at a point on the scale where there is
some significant chance that opinions may be mistaken. The hard policy
problem for any manager or adjudicator then becomes: how much credence can or
should be given to such opinions, and who should bear the burden of the
doubt, the government or the individual.

The Commission's report does not lay any of this out, but instead sidesteps
and masks this policy problem by its treatment of polygraph validity as
an all-or-nothing proposition, and leaves what I regard as a false impression
both as to the state of the art today (the inference being that validity is zero)
and as to the promise of research tomorrow (the inference being that something
approaching absolute validity might be established.)

I am a strong supporter of further basic research, but I have also come to
appreciate the challenge of designing high-yield research projects in this field,
and I believe that any advances in knowledge will come slowly and in small
increments. Again, in my view the opinion products of polygraph testing,
assuming the competence of the examiner, are rational inferences either that a
person is probably telling the truth or probably being deceptive, or perhaps
that the results are too inconclusive to support an inference one way or the
other. It may well be that a procedure that is so dependent on the competence
of an examiner, and that deals in inferences about probabilities, could never
meet exacting standards of scientific accuracy, no matter how extensive or
well designed any future research projects might be.

If my conceptions are right, any DCI, Director of NSA, or Secretary of
Defense who wishes to maintain polygraph screening programs, now or in
the foreseeable future, will have to accept the uncertainty of accuracy rates,
and the inevitability of some false positive outcomes, as facts of life. Likewise
inevitable are some false negative outcomes. On that side the possibility that
the polygraph can be "beaten," by physical countermeasures or otherwise,
adds something, although nobody can say how much, to the accuracy rate
uncertainty. Insofar as polygraph testing results may play a decisive role in
connection with security approval decisions, these uncertainties mean that
some deserving individuals will be screened out, and some undeserving
individuals, conceivably even a trained foreign agent from whom we have the
most to fear, will make their way through.

These uncertainties, however, need to be kept in perspective. While polygraph
tests may not be scientifically exact, the other available means of
investigating a person's background are anything but foolproof themselves.
Personal history statements, personal interviews, and background investigations
can be, and often are, carriers of information that is false, distorted, or
misleading, purposely or otherwise, and record checks are not guaranteed to
be reliable either. Even in the best of circumstances, the information derived
from these other sources does not meet, nor is it expected to meet, any
scientific accuracy standards, and may be low-grade in terms of its value and
credibility. If anything, polygraph testing is less open to being faulted on these
grounds, particularly considering the fact that it so often leads to admissions
that have undoubted reliability. Given a choice between two screening
regimes, one of which would involve a personal history statement and the
other traditional non-polygraph means of investigation, and the other of
which would involve a personal history statement plus only polygraph testing,
my guess is that CIA and NSA would vote for the second every time.
However, there is no reason to make that choice, because better decisions are
likely to be made when all sources of information are used in tandem.

Whether I am right or wrong in any of this, I do not think that any major
policy shifts should be based on non-expert judgments concerning a set of
issues that are as technically complex as the issues related to the validity of
polygraph testing procedures used to screen personnel.

Recommendations  of  the  Commission 

I will turn now to the various recommendations contained in the
Commission's report. Before doing so, however, I want to comment about one of
the other statements in the Commission's report with which I strongly
disagree. In its catalogue of pro-polygraph arguments, the report includes an
alleged argument relating to "cost-effectiveness," and goes on to say that both
CIA and NSA present a good case that "[w]hen admissions made by a subject
during a polygraph test result in a disqualification, these agencies are saved
the considerable cost and time of conducting a background investigation." As
far as I know, neither CIA nor NSA has ever said that polygraph testing is
conducted in order to save money. What they have said is that it makes more
sense to conduct the testing, as they do, at the front end of the screening
process, rather than as a last step in that process, because when things were done
in the reverse sequence, as was formerly the case, too often the background
investigation would be successfully completed only to find that the applicant
made disqualifying admissions during the polygraph test. The real argument
here is that polygraph testing often turns up information that background
investigations do not. Cost effectiveness has nothing to do with whether such
testing is conducted, only when it is conducted. Counting cost effectiveness as
a pro-polygraph argument is incorrect and only serves to belittle the serious
pro-polygraph position.

Scope. The Commission's first three recommendations relate to the scope
of the relevant questions to be asked on screening polygraphs conducted by
DOD and intelligence community agencies.

The first recommendation is that all such testing be limited to the
so-called "CI-scope" questions, except in the case of applicants seeking staff
positions at CIA or NSA. As I understand it, this recommendation is principally
aimed at the testing of contractor personnel, and specifically NSA
contractor personnel and some CIA contractor personnel, who today are required
to take the so-called "full-scope" tests. I agree with the recommendation. My
reason for that agreement is that, as I see it, contractor personnel are in a
somewhat different position, so far as concerns their legitimate expectations
of privacy, than applicants for full-time staff positions at CIA or NSA. The
latter are seeking careers that would give them continued and wide-ranging
access to highly classified information over a long period. The former are apt
to be persons who are already embarked on careers in industry, which they
may well have undertaken without any reason to believe that their personal
backgrounds would ultimately be the subject of searching inquiry by the
government, and who in any event may have only less wide-ranging and only
temporary access to highly classified information. In my view these
considerations support the recommendation.

The second recommendation is that the testing of applicants for staff
positions at CIA and NSA be limited to the so-called "CI-scope" questions
plus questions about serious criminal conduct and recent drug use. The
rationale is that the other questions currently asked on the so-called "full-scope"
tests do not produce much useful information and therefore should be
eliminated, producing a cost-free benefit in the form of a reduction in
intrusiveness. In my judgment, as I have said, the other questions are not objectionable
on relevance grounds, and I would be slow to discard them without a fuller
cost-benefit breakout than I think the Commission has ever seen.

The third recommendation is that all reinvestigation polygraphs be limited
to CI-scope questions. This recommendation would simply continue current
practice.

Reciprocity. The Commission's fourth recommendation is that "the polygraph
should not serve as a bar to clearance reciprocity or to the exchange of
classified or sensitive information." This recommendation is not explained in
the report, and I am not sure what problem it is meant to correct, or what the
correction would be.

Control questions. The fifth recommendation is a large mosaic of several
ideas: that "the intrusiveness of control questions be minimized;" that there
be strict oversight to prevent abusive control questions; that information
elicited by control questions not be kept in a permanent record unless it relates to
criminal activity; and that appropriate compliance procedures be adopted
and enforced.

The predicate of this recommendation is a finding in the report that
"control questions are frequently identified as the most intrusive aspect of the
polygraph." I do not agree with the finding, which I believe is based on
several misconceptions, but I do agree that there is probably room to narrow the
scope of control questions, just as I believe that there should be some
narrowing of the relevant questions. So far as concerns the idea of keeping no
permanent record of information elicited by control questions, I am very doubtful
that this idea makes any sense, although it may deserve further study. If the
idea were to be implemented, it presumably would require that the audiotape
or videotape be edited. This would involve the partial destruction of these
records, even though one of the purposes for which they are kept is to assure
their availability in the event of any complaint about misconduct or
overreaching by the examiner. Further, these records are held very closely, and I
am unaware of any evidence that came before the Commission of any
instance in which there was an improper release or any misuse of the kind of
information to which the recommendation relates. While the recommendation
calls for implementing procedures, it is impossible to know what sort of
procedures the report might have in mind.

Over-reliance. The Commission's sixth recommendation is that
"physiological reactions without admissions, to questions during a polygraph
examination should not be used to disqualify individuals without efforts to
independently resolve the issue of concern." This recommendation is low in
clarity. What kinds of efforts would be required to "independently resolve the
issue of concern," and what could happen if those efforts failed? Suppose
there were two equally well qualified applicants for the same position, and
the polygraph tests resulted in an examiner's opinion of probable deception
in one case but not the other. Would that then mean that, absent some
confirmation of the probable deception opinion, these results had to be ignored in
making the decision as to which applicant to hire? The recommendation
raises more questions than it answers, and provides no useful guidance.

Oversight. The seventh recommendation is that a new independent and
external mechanism be established to investigate and track polygraph
complaints. It is a given that polygraph programs should be subject to rigorous
and effective oversight. This recommendation is made, however, without any
real review of existing oversight structures, or any real effort to show how or
why those structures might be inadequate, or any indication of how the new
"mechanism" would be expected to operate. If the existing oversight is
ineffective, obviously it should be improved. But within CIA, for example, there
is already oversight within the Polygraph Section of The Office of Security,
and there is also a special oversight panel (The Polygraph Complaint
Oversight Board) which includes a representative of the Office of General Counsel
and that was formed in mid-1992 for the explicit purpose of resolving
polygraph-related complaints, not to mention the Inspector General's office.
Surely any recommendation calling for additional oversight should be based
on some showing, which the report does not contain, that these checks and
safeguards are insufficient.

Standardization. The Commission's eighth recommendation is that
"standards be developed to ensure consistency in the administration,
application and quality control of screening polygraphs." There is already a trend in
this direction, and I agree that further steps should be taken. I do not
understand, for example, why the relevant questions, in whichever of the two basic
formats the tests are given, should be different depending on which agency is
conducting the test.

The different practices to which this recommendation relates, however,
are overshadowed by circumstances that the Commission's report barely even
mentions.

Polygraph screening programs are not in effect, and have virtually no
chance of being placed into effect, in parts of the government where highly
sensitive national security information is handled on a steady basis. So, for
example, no screening polygraphs are given to State Department employees
at any level, or to officials in the national security apparatus at the White
House, or to members of the defense and intelligence committee staffs in the
Congress, although many of these persons have access to much of the same
information as intelligence agency employees, or to equally sensitive
information. Even in DOD, the program has a very spotty application, if only because
of the numerical limit on screening polygraphs imposed by the Congress.
Among other things, high-ranking civilian employees are essentially exempt,
and many high-ranking military personnel are also unlikely to be affected.

If the programs are truly important to the protection of national security
information, the question that obviously waits to be asked is why the
programs don't have more general coverage and acceptance. If they are needed in
one place, why not in another? The Commission's report never asks this
question. Instead it cites, and singles out for criticism, various differences in the
ways in which polygraph screening programs are administered at CIA and
NSA. These differences are small matters, however, compared to the double
standard that exists by virtue of the fact that such programs are used in one
form or another by both these agencies, and seen by both as indispensable
security measures, but are not used in any form by other agencies whose
personnel have access to the same or equally sensitive information. From a broad
policy perspective, it is this double standard, not the much more minor
differences cited by the Commission, that has real significance, because it points to
a security system that taken as a whole is lacking in coherence and logic.

I am frankly at a loss to know where any of this leads, but there is at least
a need to raise these considerations and make them part of the debate.

Certification. The Commission's next recommendation is that
"certification of polygraph examiners under the auspices of a single entity should be
mandatory" and that mandatory requirements for recertification also should
be established." I do not know what this recommendation means. As I
understand it, polygraph examiners who complete the training curriculums at the
DOD Polygraph Institute or at the CIA polygraph school already receive
certificates reflecting their successful completion of training programs approved
by the American Polygraph Association. Further as I understand it, that
Association views these programs as the finest of their kind in the country. I agree
of course that superior training is a must, because competence and
professionalism on the part of examiners are key elements in any polygraph
program, but here again I have no basis to be critical of the way in which DOD or
CIA polygraphers are trained, and the report provides no such basis.

National polygraph institute. The Commission's next recommendation
is that "the CIA polygraph school be consolidated into the DOD Polygraph
Institute to form a national polygraph institute that would conduct all
training and certification of government polygraph examiners." This
recommendation does not appear to have any cost cutting rationale, since none is
mentioned in the report. Instead the stated objective is to "enhance the quality
of polygraph training provided by the government." If such was the likely
outcome, I would favor the recommendation, but here again the report
provides no supporting reasons that point to such a likely outcome, and the
recommendation has the feel of one that was made just for the sake of moving
some furniture around.

Research. The Commission's last recommendation is that "a robust
interagency-coordinated and centrally funded research program should be
established with DOD/PI as executive agent," and that this program "concentrate
on the development of valid and reliable security and screening tests and
standardize their use." I have already said that I am a strong supporter of
further basic research. DOD/PI already conducts a broad research program,
however, and I am not sure how the Commission would want to see this
program redirected. Nor do I understand how it could be the function of any
research program to "standardize" the use of polygraph tests. Only
management decisions could have that result. Further, the wording of the
recommendation suggests by implication that polygraph screening tests, as currently
administered, have no validity or reliability, and I do not agree with that
implication, which may not have been intended.

Closing  thoughts 

I am not blind to the fact that screening polygraphs, for many people, are
hateful experiences. The one such test that I took in my own life, which was
one of the full-scope models, was certainly no picnic. It is only natural for
people to think of themselves as patriotic, and fit to serve in government
positions of trust should the opportunity to do so come along. All probably resent
the idea that their honesty or integrity might be impugned by a polygraph
examiner armed with a set of form questions and a strange technology. But
there are higher stakes here, because mistakes can have fateful consequences
for the country. Somewhere among us (no reference here of course to any
members of the Commission) there are some bad apples. Others among us,
whatever we may think of ourselves, do not meet the standards of reliability
and trustworthiness that the government is entitled to set, and indeed must
set if there are to be any personnel security controls at all rather than a system
in which all comers are accepted, no questions asked. The standard-setting
alone is a difficult job, and judgmental to the core. So is the sorting process. I
end up believing that polygraph testing is a reasonable step in that process.

I am also well aware of the fact that polygraph testing has a high
potential for abuse. There are few clear roadsigns here, however, and except in
obvious cases, as for example if an examiner pursues unauthorized lines of
inquiry, abuses are hard to define. I favor an effort to develop an agreed set of
ethical guidelines, beyond any that exist today, that would apply to the
conduct of screening polygraphs. I also favor the other steps to which I have
referred in this statement, but in substantial part I do not favor the
Commission's recommendations, and for that reason and the others I have already
stated, I concluded that I could not join in the Commission's report.

AECA: Arms Export Control Act
ASPP: Acquisition Systems Protection Program
ASPWG: Acquisition Systems Protection Working Group
ASSIST: Automated Systems Security Incident Support Team
C3I: Command, Control, Communications, and Intelligence
CCISCMO: Community Counterintelligence and Security Countermeasures Office
CCVS: Central Clearance Verification System
CERT: Committee of Emergency Response Team
CI: Counterintelligence
CIA: Central Intelligence Agency
CIO: Central Imagery Office
CISARA: Counterintelligence, Security Countermeasures and Related Activities
CMS: Community Management Staff
COPS: Committee on Physical Security
COTS: Committee on Technical Security
CSE: Center for Security Evaluation
CTC: Counterterrorist Center
CTTA: Central TEMPEST Technical Authority
DCI: Director of Central Intelligence
DCID: Director of Central Intelligence Directive
DCII: Defense Clearance Investigations Index
DDEP: Defense Development Exchange Program
DIA: Defense Intelligence Agency
DICOB: Defense Industrial Security Clearance Oversight Board
DII: Defense Information Infrastructure
DIS: Defense Investigative Service
DISA: Defense Information Systems Agency
DISCR: Defense Investigative Service Clearance Review Office
DoD: Department of Defense
DoDD: Department of Defense Directive
DoDPI: Department of Defense Polygraph Institute
DoDSI: Department of Defense Security Institute
DoE: Department of Energy
ENTNAC: Entrance National Agency Check
EO: Executive Order
FBI: Federal Bureau of Investigation
FFRDC: Federally Funded Research and Development Center
FOIA: Freedom of Information Act
FOCI: Foreign Ownership Control and Influence
FORDTIS: Foreign Disclosure and Technical Information System
GAO: General Accounting Office
G&A: General and Administrative
GOVIND: Government-Industry Restricted Information
GSA: General Services Administration
IACSE: Interagency Advisory Committee on Security Equipment
INFOSEC: Information Systems Security
IOSS: Interagency Operations Security Support Staff
ISOO: Information Security Oversight Office
ISM: Industrial Security Manual
ISPG: Intelligence Programs Support Group
LIMDIS: Limited Dissemination
MASINT: Measurement and Signature Intelligence
NAC: National Agency Check
NACI: National Agency Check with Inquiries
NAG/SCM: National Advisory Group/Security Countermeasures
NCS: National Communications System
NDP: National Disclosure Policy
NDPC: National Disclosure Policy Committee
NFIP: National Foreign Intelligence Program
NII: National Information Infrastructure
NISP: National Industrial Security Program
NISPPAC: National Industrial Security Program Policy Advisory Committee
NIST: National Institute of Standards and Technology
NOAC: National Operational Security Advisory Committee
NOFORN: Not Releasable to Foreign Nationals
NPC: Nonproliferation Center
NRO: National Reconnaissance Office
NSA: National Security Agency
NSD: National Security Directives
NSDD: National Security Decision Directives
NSTISSC: National Security Telecommunications and Information Systems Security Committee
OADR: Originating Agency's Determination Required
OMB: Office of Management and Budget
OPM: Office of Personnel Management
OPSEC: Operations Security
ORCON: Dissemination and Extraction of Information Controlled by Originator
OSD: Office of the Secretary of Defense
OSPG: Overseas Security Policy Group
PERSEREC: Personnel Security Research and Evaluation Center
PEP: Personnel Exchange Program
PROPIN: Proprietary Information
PSEAG: Physical Security Equipment Action Group
PSWG: Personnel Security Working Group
R&D: Research and Development
RELTO: Releasable To
SAP: Special Access Program
SARF: Special Access Required Facility
SCI: Sensitive Compartmented Information
SCIF: Sensitive Compartmented Information Facility
SCM: Security Countermeasures
SIGINT: Signals Intelligence
SIOP: Single Integrated Operations Plan
SOR: Statement of Reasons
SPECAT: Special Category
SSA: Special Security Agreement
SSBI: Single Scope Background Investigation
SSII: Suitability and Security Investigations Index
TEMPEST: Transient Electromagnetic Pulse Emanation Standard
TIARA: Tactical Intelligence and Related Activities
TS: Top Secret
TSCM: Technical Surveillance Countermeasures
USSS: United States Secret Service
WNINTEL: Warning Notice-Intelligence Sources and Methods